
Windows Analysis Report
z17Mz7zumpwTUMRxyS.exe

Overview

General Information

Sample name: z17Mz7zumpwTUMRxyS.exe
Analysis ID: 1546298
MD5: 337574f09ff0a772aedbd6f7c2064496
SHA1: f24b5b9369763cc23758407fa1729294750d8e5e
SHA256: 96bfa7096fb76234a5774f70dc444d719c7553ac83db00fdbb04c1eec318d4c4
Tags: exe, user-Porcupine

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • z17Mz7zumpwTUMRxyS.exe (PID: 6368 cmdline: "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe" MD5: 337574F09FF0A772AEDBD6F7C2064496)
    • z17Mz7zumpwTUMRxyS.exe (PID: 5692 cmdline: "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe" MD5: 337574F09FF0A772AEDBD6F7C2064496)
    • z17Mz7zumpwTUMRxyS.exe (PID: 5712 cmdline: "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe" MD5: 337574F09FF0A772AEDBD6F7C2064496)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299", "Token": "7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk", "Chat_id": "7337843299", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | see strings below
  • 0x1487d:$a1: get_encryptedPassword
  • 0x14b69:$a2: get_encryptedUsername
  • 0x14689:$a3: get_timePasswordChanged
  • 0x14784:$a4: get_passwordField
  • 0x14893:$a5: set_encryptedPassword
  • 0x15f0b:$a7: get_logins
  • 0x15e6e:$a10: KeyLoggerEventArgs
  • 0x15ad9:$a11: KeyLoggerEventArgsEventHandler
00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen | see strings below
  • 0x1982c:$x1: $%SMTPDV$
  • 0x18208:$x2: $#TheHashHere%&
  • 0x197d4:$x3: %FTPDV$
  • 0x181a8:$x4: $%TelegramDv$
  • 0x15ad9:$x5: KeyLoggerEventArgs
  • 0x15e6e:$x5: KeyLoggerEventArgs
  • 0x197f8:$m2: Clipboard Logs ID
  • 0x19a36:$m2: Screenshot Logs ID
  • 0x19b46:$m2: keystroke Logs ID
  • 0x19e20:$m3: SnakePW
  • 0x19a0e:$m4: \SnakeKeylogger\
00000004.00000002.4591851679.000000000352F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
Source | Rule | Description | Author | Strings
4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | see strings below
  • 0x14a7d:$a1: get_encryptedPassword
  • 0x14d69:$a2: get_encryptedUsername
  • 0x14889:$a3: get_timePasswordChanged
  • 0x14984:$a4: get_passwordField
  • 0x14a93:$a5: set_encryptedPassword
  • 0x1610b:$a7: get_logins
  • 0x1606e:$a10: KeyLoggerEventArgs
  • 0x15cd9:$a11: KeyLoggerEventArgsEventHandler
4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | see strings below
  • 0x1c400:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x1b632:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x1ba65:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1caa4:$a5: \Kometa\User Data\Default\Login Data
              No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T18:32:14.872953+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.6 | 49767 | TCP
2024-10-31T18:32:52.746498+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.6 | 49967 | TCP
2024-10-31T18:32:03.632627+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:05.307474+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49719 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:10.246567+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49741 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:11.963672+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49754 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:01.123067+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49711 | 132.226.247.73 | 80 | TCP
2024-10-31T18:32:02.904246+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49711 | 132.226.247.73 | 80 | TCP
2024-10-31T18:32:04.533073+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49717 | 132.226.247.73 | 80 | TCP


              AV Detection

Source: 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299", "Token": "7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk", "Chat_id": "7337843299", "Version": "5.1"}
Source: z17Mz7zumpwTUMRxyS.exe | ReversingLabs: Detection: 31%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: z17Mz7zumpwTUMRxyS.exe | Joe Sandbox ML: detected

              Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: z17Mz7zumpwTUMRxyS.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49714 version: TLS 1.0
Source: z17Mz7zumpwTUMRxyS.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 0759236Fh | 0_2_07591900
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 0759236Fh | 0_2_07591F8C
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 0186E61Fh | 4_2_0186E431
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 0186EFA9h | 4_2_0186E431
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 0186FA39h | 4_2_0186F778
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 4_2_0186D7F0
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE88EDh | 4_2_06EE85B0
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 4_2_06EE3676
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE6119h | 4_2_06EE5E70
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE72A2h | 4_2_06EE6FF8
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE69C9h | 4_2_06EE6720
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE0741h | 4_2_06EE0498
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE76F9h | 4_2_06EE7450
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE5869h | 4_2_06EE55C0
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE7FA9h | 4_2_06EE7D00
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE6571h | 4_2_06EE62C8
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE5CC1h | 4_2_06EE5A18
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 4_2_06EE3360
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE6E21h | 4_2_06EE6B78
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 4_2_06EE3350
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE0B99h | 4_2_06EE08F0
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE7B51h | 4_2_06EE78A8
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE02E9h | 4_2_06EE0040
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE53E9h | 4_2_06EE5140
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Code function: 4x nop then jmp 06EE8401h | 4_2_06EE8158

              Networking

Source: Yara match | File source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected:
  GET /xml/173.254.250.77 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
  GET /xml/173.254.250.77 HTTP/1.1
  Host: reallyfreegeoip.org
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | IP Address: 132.226.247.73
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49717 -> 132.226.247.73:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49711 -> 132.226.247.73:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49716 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49719 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49741 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49754 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.6:49767
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.6:49967
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49714 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003418000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034F3000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000346A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000343F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.orgX
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000346A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.77
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000346A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.77$
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714

              System Summary

              Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Process Stats: CPU usage > 49%
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000000.2120435824.00000000009FA000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameTSZp.exe6 vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2158793328.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2167285330.000000000B960000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2160046971.000000000476A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2159681307.00000000030EB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4590921574.00000000012F7000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe | Binary or memory string: OriginalFilenameTSZp.exe6 vs z17Mz7zumpwTUMRxyS.exe
Source: z17Mz7zumpwTUMRxyS.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger | author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: z17Mz7zumpwTUMRxyS.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, B--.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, B--.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, B--.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, B--.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, ---.cs | Base64 encoded string: 'THQ3Z45Jg3URHo8e+06nGgz/UYukPolASP4GseDfIchCdCKYuYUZ/b4v4XwW2oIa'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, ---.cs | Base64 encoded string: 'THQ3Z45Jg3URHo8e+06nGgz/UYukPolASP4GseDfIchCdCKYuYUZ/b4v4XwW2oIa'
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, IiReqcx60OBZHbFc1Z.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: _0020.SetAccessControl
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: _0020.AddAccessRule
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: _0020.SetAccessControl
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: _0020.AddAccessRule
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: _0020.SetAccessControl
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, QvXfi1jDSpws3hGgjI.cs | Security API names: _0020.AddAccessRule
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, IiReqcx60OBZHbFc1Z.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, IiReqcx60OBZHbFc1Z.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@5/1@2/2
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\z17Mz7zumpwTUMRxyS.exe.log
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Mutant created: \Sessions\1\BaseNamedObjects\vKWPzuPBdxbCmiadkClPofrE
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Mutant created: NULL
Source: z17Mz7zumpwTUMRxyS.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: z17Mz7zumpwTUMRxyS.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000000.2120377698.0000000000952000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO Service (CustomerId, Active, Date) VALUES (@customerId, '1', @date);
Source: z17Mz7zumpwTUMRxyS.exe, 00000000.00000000.2120377698.0000000000952000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: SELECT COUNT(*) FROM Service WHERE (Active LIKE '1') AND (CustomerId = @id);
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4593160875.00000000043EF000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000035E2000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000359C000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000035EE000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000035BA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: z17Mz7zumpwTUMRxyS.exe | ReversingLabs: Detection: 31%
Source: unknown | Process created: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Process created: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Process created: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Process created: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Process created: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe | Section loaded: rasapi32.dll
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: z17Mz7zumpwTUMRxyS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: z17Mz7zumpwTUMRxyS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, QvXfi1jDSpws3hGgjI.cs .Net Code: dUnAM9tLeA System.Reflection.Assembly.Load(byte[])
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, QvXfi1jDSpws3hGgjI.cs .Net Code: dUnAM9tLeA System.Reflection.Assembly.Load(byte[])
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.3f55ad0.0.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.7180000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, QvXfi1jDSpws3hGgjI.cs .Net Code: dUnAM9tLeA System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Code function: 0_2_071F4910 push eax; ret 0_2_071F491D
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Code function: 0_2_07593199 push esp; retf 0_2_075931A5
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Code function: 4_2_018624B9 push 8BFFFFFFh; retf 4_2_018624BF
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Code function: 4_2_06EE932F push ecx; retf 4_2_06EE933A
              Source: z17Mz7zumpwTUMRxyS.exe Static PE information: section name: .text entropy: 7.635987509883049
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, eG004UzD5ckWRQa819.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aOTQ8uWrx9', 'wXRQ5rDQHJ', 'B5EQK5e2jm', 'DvcQJxnCY1', 'ugiQBAb4jJ', 'ag7QQnSgWn', 'sCbQP1WDkt'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, PLISSPX5hdaCwaBwsJ.cs High entropy of concatenated method names: 'PpHBgVwGEL', 'h1XBRUB60o', 'Q3oB0KbH2b', 'yZUBfiootX', 'YchBWRIx4l', 'udnB7V2Dvp', 'Next', 'Next', 'Next', 'NextBytes'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, LoeuMlhTo3TITZsZx6.cs High entropy of concatenated method names: 'dbbMeghbE', 'JbLqlWMQW', 'Kt0p97tZL', 'EIrekFXGn', 'O0bFD6TgT', 'BIW2vxbcH', 's9Tw0WnkLo4WoTvqBU', 'O8ZwcGl0TZk4epV5D1', 'ilkBw0fI1', 'lSoPj6xMl'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, IFcAgAZipYo6SxdoX5.cs High entropy of concatenated method names: 'JSLB6lKsXb', 'pF8BwsceTG', 'bcGBct44st', 'Fc9BYrkRqu', 'ugOBaLyTZ4', 'Gi9BDYK393', 'gDcBjFvqd3', 'JuEBlV6rhF', 'HYpB4ng7gd', 'pA1BCnADKW'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, k1imPItLqbSxLeaFk8H.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CDxPWiHhP7', 'EXLPdPmT7b', 'OutPo7SZ1k', 'LCcP1Hx1C9', 'O69PrqljTv', 'GUWPOOxbZw', 'xQkPmguqCv'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, QvXfi1jDSpws3hGgjI.cs High entropy of concatenated method names: 'k8NLUFSwQF', 'sJZL65jolG', 'WKvLwv6DS7', 'OKvLcIhgFF', 'nntLYxLnII', 'bV6LaCQqV0', 'vl0LDA5Xdg', 'dFCLjWdbGd', 'KcXLlkOyLv', 'angL47MNuV'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, JS4Jihw3vPeMflbnCM.cs High entropy of concatenated method names: 'Dispose', 'i08tX9JXoT', 'XJ7hR73TIf', 'PauHHsfPNn', 'gfFt9cAgAi', 'BYotz6Sxdo', 'ProcessDialogKey', 'X5shvLISSP', 'ohdhtaCwaB', 'gsJhhyOUgf'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, c5Y8c6n5sI71Qvuwwp.cs High entropy of concatenated method names: 'GVPDigVl1d', 'VD0DbJcopJ', 'JyqDMTxGTW', 'ptcDqRybUS', 'CA4DN2A3aR', 'p9CDp4rYFf', 'C4IDefg3C5', 'ppQDxIAK6S', 'ktkDFLN9OT', 'QUsD20YeV5'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, G08gi9ODyqoBDIN1WF.cs High entropy of concatenated method names: 'iQ9JZkVSOW', 'iKQJ9iqIKB', 'A2hBv4npWf', 'IFhBtCSN8f', 'YDRJyBiahB', 'afiJs9b6Xx', 'uZJJVlINrC', 'cEtJWOVPYb', 'UHTJdGRhcl', 'F6SJoRvs6X'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, SMh4rQgY6x43YRmYFV.cs High entropy of concatenated method names: 'FC8aUvV5hd', 'BBHawFONgQ', 'xtEaYpPUyJ', 'IqWaDjKd4s', 'O2Cajxusx9', 'otHYrZpWuv', 'p9PYOxjC3k', 'SDoYmTMAc1', 'ixSYZWFe43', 'qMMYXiFbmL'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, QVUBX2tvhFwCvTFCOOQ.cs High entropy of concatenated method names: 'b0JQiOQW58', 'V21QbUW6M6', 'JntQM23U3M', 'UYnQqQUQsl', 'PbNQNTBYsv', 'iZyQpe5aH6', 'RBIQeX9N33', 'FdKQxr3BqY', 'FGFQFDuSMm', 'zfiQ2qvdWy'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, mEYVf2VAqOgA2uLtLV.cs High entropy of concatenated method names: 'kZD8xlrFoH', 'vgd8FIaUce', 'dFI8g83fXD', 'k8l8RokNyg', 'iRK8fHmufT', 'Hiw87iTOGV', 'JNS8uNhCgb', 'drQ8kHmEXO', 'kqB8TOdoge', 'SHq8yBwQsJ'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, hwmPr6Abi1PQvOnGQ7.cs High entropy of concatenated method names: 'PmftDiReqc', 'f0OtjBZHbF', 'Jkot4Zomtl', 'EU2tCKUG7j', 'xjFt5LfoMh', 'mrQtKY6x43', 'l2CtjgPXJKyWlgbOn2', 'bkexruKqd0aBKZC5st', 'OUIttuoU2G', 'gTytLFfn97'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, jblKSx1aPCVo8PiMOD.cs High entropy of concatenated method names: 'telJ4dSWX4', 'W3uJCBOZGi', 'ToString', 'A5CJ6eauMl', 'CYlJwDZTbf', 'ioAJc6LUyY', 'pKpJYxSC28', 'ThlJaAWlLm', 'bS4JDifeUc', 'YprJjbxLbN'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, WOATJTRBeqWbBxBb04.cs High entropy of concatenated method names: 'FGSCgVTGNb6cPHpYdlH', 'WWIe7PT9DZ9RUj6YEnH', 'SVgaBWamSk', 'OLjaQJ1Uwq', 'ay0aPHV9vL', 'vffFuAT7M0hCdRK28xv', 'GD0bVjTD563saAL3OUO', 'htDxAkTU1vEE2mixBU9'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, OOUgfu9fihgln4ub9V.cs High entropy of concatenated method names: 'qMVQtmtqIZ', 'F00QL0QFTp', 'BSrQAIFHgA', 'sM1Q65g8dC', 'ommQwttkqF', 'U0IQYDAdQZ', 'K5dQa8UdkK', 'OaCBm3PJK9', 'I2SBZ6Mjkq', 'tYeBXcBCVd'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, IiReqcx60OBZHbFc1Z.cs High entropy of concatenated method names: 'hyowWbmFxn', 'VKlwdlkj1s', 'qJnwo1cCon', 'E2kw1KTHo9', 'DMjwr7Mt8R', 'Sn9wOaWBra', 'pZQwmOjytG', 'qsywZZAalK', 'g9UwXRPMLH', 'sbTw9G3Z3v'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4905120.2.raw.unpack, Q512M7FkoZomtlFU2K.cs High entropy of concatenated method names: 'nUPcqLa54D', 'Aoicp6QDb7', 'wwjcxhbxCO', 'BTFcFsuPDN', 'WCUc5a87pY', 'oBQcKBLW3V', 'ItscJPZxMB', 'YaWcBQX9dH', 't6ocQsOOv5', 'TkjcP8Z0mJ'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, eG004UzD5ckWRQa819.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aOTQ8uWrx9', 'wXRQ5rDQHJ', 'B5EQK5e2jm', 'DvcQJxnCY1', 'ugiQBAb4jJ', 'ag7QQnSgWn', 'sCbQP1WDkt'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, PLISSPX5hdaCwaBwsJ.cs High entropy of concatenated method names: 'PpHBgVwGEL', 'h1XBRUB60o', 'Q3oB0KbH2b', 'yZUBfiootX', 'YchBWRIx4l', 'udnB7V2Dvp', 'Next', 'Next', 'Next', 'NextBytes'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, LoeuMlhTo3TITZsZx6.cs High entropy of concatenated method names: 'dbbMeghbE', 'JbLqlWMQW', 'Kt0p97tZL', 'EIrekFXGn', 'O0bFD6TgT', 'BIW2vxbcH', 's9Tw0WnkLo4WoTvqBU', 'O8ZwcGl0TZk4epV5D1', 'ilkBw0fI1', 'lSoPj6xMl'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, IFcAgAZipYo6SxdoX5.cs High entropy of concatenated method names: 'JSLB6lKsXb', 'pF8BwsceTG', 'bcGBct44st', 'Fc9BYrkRqu', 'ugOBaLyTZ4', 'Gi9BDYK393', 'gDcBjFvqd3', 'JuEBlV6rhF', 'HYpB4ng7gd', 'pA1BCnADKW'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, k1imPItLqbSxLeaFk8H.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CDxPWiHhP7', 'EXLPdPmT7b', 'OutPo7SZ1k', 'LCcP1Hx1C9', 'O69PrqljTv', 'GUWPOOxbZw', 'xQkPmguqCv'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, QvXfi1jDSpws3hGgjI.cs High entropy of concatenated method names: 'k8NLUFSwQF', 'sJZL65jolG', 'WKvLwv6DS7', 'OKvLcIhgFF', 'nntLYxLnII', 'bV6LaCQqV0', 'vl0LDA5Xdg', 'dFCLjWdbGd', 'KcXLlkOyLv', 'angL47MNuV'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, JS4Jihw3vPeMflbnCM.cs High entropy of concatenated method names: 'Dispose', 'i08tX9JXoT', 'XJ7hR73TIf', 'PauHHsfPNn', 'gfFt9cAgAi', 'BYotz6Sxdo', 'ProcessDialogKey', 'X5shvLISSP', 'ohdhtaCwaB', 'gsJhhyOUgf'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, c5Y8c6n5sI71Qvuwwp.cs High entropy of concatenated method names: 'GVPDigVl1d', 'VD0DbJcopJ', 'JyqDMTxGTW', 'ptcDqRybUS', 'CA4DN2A3aR', 'p9CDp4rYFf', 'C4IDefg3C5', 'ppQDxIAK6S', 'ktkDFLN9OT', 'QUsD20YeV5'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, G08gi9ODyqoBDIN1WF.cs High entropy of concatenated method names: 'iQ9JZkVSOW', 'iKQJ9iqIKB', 'A2hBv4npWf', 'IFhBtCSN8f', 'YDRJyBiahB', 'afiJs9b6Xx', 'uZJJVlINrC', 'cEtJWOVPYb', 'UHTJdGRhcl', 'F6SJoRvs6X'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, SMh4rQgY6x43YRmYFV.cs High entropy of concatenated method names: 'FC8aUvV5hd', 'BBHawFONgQ', 'xtEaYpPUyJ', 'IqWaDjKd4s', 'O2Cajxusx9', 'otHYrZpWuv', 'p9PYOxjC3k', 'SDoYmTMAc1', 'ixSYZWFe43', 'qMMYXiFbmL'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, QVUBX2tvhFwCvTFCOOQ.cs High entropy of concatenated method names: 'b0JQiOQW58', 'V21QbUW6M6', 'JntQM23U3M', 'UYnQqQUQsl', 'PbNQNTBYsv', 'iZyQpe5aH6', 'RBIQeX9N33', 'FdKQxr3BqY', 'FGFQFDuSMm', 'zfiQ2qvdWy'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, mEYVf2VAqOgA2uLtLV.cs High entropy of concatenated method names: 'kZD8xlrFoH', 'vgd8FIaUce', 'dFI8g83fXD', 'k8l8RokNyg', 'iRK8fHmufT', 'Hiw87iTOGV', 'JNS8uNhCgb', 'drQ8kHmEXO', 'kqB8TOdoge', 'SHq8yBwQsJ'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, hwmPr6Abi1PQvOnGQ7.cs High entropy of concatenated method names: 'PmftDiReqc', 'f0OtjBZHbF', 'Jkot4Zomtl', 'EU2tCKUG7j', 'xjFt5LfoMh', 'mrQtKY6x43', 'l2CtjgPXJKyWlgbOn2', 'bkexruKqd0aBKZC5st', 'OUIttuoU2G', 'gTytLFfn97'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, jblKSx1aPCVo8PiMOD.cs High entropy of concatenated method names: 'telJ4dSWX4', 'W3uJCBOZGi', 'ToString', 'A5CJ6eauMl', 'CYlJwDZTbf', 'ioAJc6LUyY', 'pKpJYxSC28', 'ThlJaAWlLm', 'bS4JDifeUc', 'YprJjbxLbN'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, WOATJTRBeqWbBxBb04.cs High entropy of concatenated method names: 'FGSCgVTGNb6cPHpYdlH', 'WWIe7PT9DZ9RUj6YEnH', 'SVgaBWamSk', 'OLjaQJ1Uwq', 'ay0aPHV9vL', 'vffFuAT7M0hCdRK28xv', 'GD0bVjTD563saAL3OUO', 'htDxAkTU1vEE2mixBU9'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, OOUgfu9fihgln4ub9V.cs High entropy of concatenated method names: 'qMVQtmtqIZ', 'F00QL0QFTp', 'BSrQAIFHgA', 'sM1Q65g8dC', 'ommQwttkqF', 'U0IQYDAdQZ', 'K5dQa8UdkK', 'OaCBm3PJK9', 'I2SBZ6Mjkq', 'tYeBXcBCVd'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, IiReqcx60OBZHbFc1Z.cs High entropy of concatenated method names: 'hyowWbmFxn', 'VKlwdlkj1s', 'qJnwo1cCon', 'E2kw1KTHo9', 'DMjwr7Mt8R', 'Sn9wOaWBra', 'pZQwmOjytG', 'qsywZZAalK', 'g9UwXRPMLH', 'sbTw9G3Z3v'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.b960000.6.raw.unpack, Q512M7FkoZomtlFU2K.cs High entropy of concatenated method names: 'nUPcqLa54D', 'Aoicp6QDb7', 'wwjcxhbxCO', 'BTFcFsuPDN', 'WCUc5a87pY', 'oBQcKBLW3V', 'ItscJPZxMB', 'YaWcBQX9dH', 't6ocQsOOv5', 'TkjcP8Z0mJ'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, eG004UzD5ckWRQa819.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aOTQ8uWrx9', 'wXRQ5rDQHJ', 'B5EQK5e2jm', 'DvcQJxnCY1', 'ugiQBAb4jJ', 'ag7QQnSgWn', 'sCbQP1WDkt'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, PLISSPX5hdaCwaBwsJ.cs High entropy of concatenated method names: 'PpHBgVwGEL', 'h1XBRUB60o', 'Q3oB0KbH2b', 'yZUBfiootX', 'YchBWRIx4l', 'udnB7V2Dvp', 'Next', 'Next', 'Next', 'NextBytes'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, LoeuMlhTo3TITZsZx6.cs High entropy of concatenated method names: 'dbbMeghbE', 'JbLqlWMQW', 'Kt0p97tZL', 'EIrekFXGn', 'O0bFD6TgT', 'BIW2vxbcH', 's9Tw0WnkLo4WoTvqBU', 'O8ZwcGl0TZk4epV5D1', 'ilkBw0fI1', 'lSoPj6xMl'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, IFcAgAZipYo6SxdoX5.cs High entropy of concatenated method names: 'JSLB6lKsXb', 'pF8BwsceTG', 'bcGBct44st', 'Fc9BYrkRqu', 'ugOBaLyTZ4', 'Gi9BDYK393', 'gDcBjFvqd3', 'JuEBlV6rhF', 'HYpB4ng7gd', 'pA1BCnADKW'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, k1imPItLqbSxLeaFk8H.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CDxPWiHhP7', 'EXLPdPmT7b', 'OutPo7SZ1k', 'LCcP1Hx1C9', 'O69PrqljTv', 'GUWPOOxbZw', 'xQkPmguqCv'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, QvXfi1jDSpws3hGgjI.cs High entropy of concatenated method names: 'k8NLUFSwQF', 'sJZL65jolG', 'WKvLwv6DS7', 'OKvLcIhgFF', 'nntLYxLnII', 'bV6LaCQqV0', 'vl0LDA5Xdg', 'dFCLjWdbGd', 'KcXLlkOyLv', 'angL47MNuV'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, JS4Jihw3vPeMflbnCM.cs High entropy of concatenated method names: 'Dispose', 'i08tX9JXoT', 'XJ7hR73TIf', 'PauHHsfPNn', 'gfFt9cAgAi', 'BYotz6Sxdo', 'ProcessDialogKey', 'X5shvLISSP', 'ohdhtaCwaB', 'gsJhhyOUgf'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, c5Y8c6n5sI71Qvuwwp.cs High entropy of concatenated method names: 'GVPDigVl1d', 'VD0DbJcopJ', 'JyqDMTxGTW', 'ptcDqRybUS', 'CA4DN2A3aR', 'p9CDp4rYFf', 'C4IDefg3C5', 'ppQDxIAK6S', 'ktkDFLN9OT', 'QUsD20YeV5'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, G08gi9ODyqoBDIN1WF.cs High entropy of concatenated method names: 'iQ9JZkVSOW', 'iKQJ9iqIKB', 'A2hBv4npWf', 'IFhBtCSN8f', 'YDRJyBiahB', 'afiJs9b6Xx', 'uZJJVlINrC', 'cEtJWOVPYb', 'UHTJdGRhcl', 'F6SJoRvs6X'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, SMh4rQgY6x43YRmYFV.cs High entropy of concatenated method names: 'FC8aUvV5hd', 'BBHawFONgQ', 'xtEaYpPUyJ', 'IqWaDjKd4s', 'O2Cajxusx9', 'otHYrZpWuv', 'p9PYOxjC3k', 'SDoYmTMAc1', 'ixSYZWFe43', 'qMMYXiFbmL'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, QVUBX2tvhFwCvTFCOOQ.cs High entropy of concatenated method names: 'b0JQiOQW58', 'V21QbUW6M6', 'JntQM23U3M', 'UYnQqQUQsl', 'PbNQNTBYsv', 'iZyQpe5aH6', 'RBIQeX9N33', 'FdKQxr3BqY', 'FGFQFDuSMm', 'zfiQ2qvdWy'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, mEYVf2VAqOgA2uLtLV.cs High entropy of concatenated method names: 'kZD8xlrFoH', 'vgd8FIaUce', 'dFI8g83fXD', 'k8l8RokNyg', 'iRK8fHmufT', 'Hiw87iTOGV', 'JNS8uNhCgb', 'drQ8kHmEXO', 'kqB8TOdoge', 'SHq8yBwQsJ'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, hwmPr6Abi1PQvOnGQ7.cs High entropy of concatenated method names: 'PmftDiReqc', 'f0OtjBZHbF', 'Jkot4Zomtl', 'EU2tCKUG7j', 'xjFt5LfoMh', 'mrQtKY6x43', 'l2CtjgPXJKyWlgbOn2', 'bkexruKqd0aBKZC5st', 'OUIttuoU2G', 'gTytLFfn97'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, jblKSx1aPCVo8PiMOD.cs High entropy of concatenated method names: 'telJ4dSWX4', 'W3uJCBOZGi', 'ToString', 'A5CJ6eauMl', 'CYlJwDZTbf', 'ioAJc6LUyY', 'pKpJYxSC28', 'ThlJaAWlLm', 'bS4JDifeUc', 'YprJjbxLbN'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, WOATJTRBeqWbBxBb04.cs High entropy of concatenated method names: 'FGSCgVTGNb6cPHpYdlH', 'WWIe7PT9DZ9RUj6YEnH', 'SVgaBWamSk', 'OLjaQJ1Uwq', 'ay0aPHV9vL', 'vffFuAT7M0hCdRK28xv', 'GD0bVjTD563saAL3OUO', 'htDxAkTU1vEE2mixBU9'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, OOUgfu9fihgln4ub9V.cs High entropy of concatenated method names: 'qMVQtmtqIZ', 'F00QL0QFTp', 'BSrQAIFHgA', 'sM1Q65g8dC', 'ommQwttkqF', 'U0IQYDAdQZ', 'K5dQa8UdkK', 'OaCBm3PJK9', 'I2SBZ6Mjkq', 'tYeBXcBCVd'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, IiReqcx60OBZHbFc1Z.cs High entropy of concatenated method names: 'hyowWbmFxn', 'VKlwdlkj1s', 'qJnwo1cCon', 'E2kw1KTHo9', 'DMjwr7Mt8R', 'Sn9wOaWBra', 'pZQwmOjytG', 'qsywZZAalK', 'g9UwXRPMLH', 'sbTw9G3Z3v'
              Source: 0.2.z17Mz7zumpwTUMRxyS.exe.4967340.1.raw.unpack, Q512M7FkoZomtlFU2K.cs High entropy of concatenated method names: 'nUPcqLa54D', 'Aoicp6QDb7', 'wwjcxhbxCO', 'BTFcFsuPDN', 'WCUc5a87pY', 'oBQcKBLW3V', 'ItscJPZxMB', 'YaWcBQX9dH', 't6ocQsOOv5', 'TkjcP8Z0mJ'
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 1150000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 2F10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 2D80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 9530000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 7ED0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: A530000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: B530000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: B9D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: C9D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: D9D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 1860000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 3360000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: 31B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599875
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599766
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599656
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599547
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599438
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599314
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599188
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 599078
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598969
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598859
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598750
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598641
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598531
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598422
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598274
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 598167
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597988
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597867
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597750
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597641
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597531
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597420
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597297
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597187
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 597078
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596969
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596859
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596750
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596641
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596531
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596422
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596313
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596202
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 596093
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595984
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595875
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595765
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595656
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595547
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595438
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595313
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595188
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 595063
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 594938
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 594828
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 594719
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 594594
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 594484
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Thread delayed: delay time: 594375
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Window / User API: threadDelayed 3018
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Window / User API: threadDelayed 6832
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 2184 -- Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep count: 33 > 30
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -30437127721620741s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4828 -- Thread sleep count: 3018 > 30
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4828 -- Thread sleep count: 6832 > 30
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599656s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599547s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599438s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599314s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599188s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -599078s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598859s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598750s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598641s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598531s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598422s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598274s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -598167s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597988s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597867s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597750s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597641s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597531s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597420s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597297s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597187s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -597078s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596969s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596859s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596750s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596641s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596531s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596422s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596313s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596202s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -596093s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595984s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595875s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595765s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595656s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595547s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595438s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595313s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595188s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -595063s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -594938s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -594828s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -594719s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -594594s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -594484s >= -30000s
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe TID: 4544 -- Thread sleep time: -594375s >= -30000s
Source: z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591025429.00000000014D6000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Process token adjusted: Debug
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Memory written: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Process created: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe "C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

Source: Yara match -- File source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000004.00000002.4591851679.000000000352F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR
Source: Yara match -- File source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe -- Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Yara match -- File source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE
Source: Yara match -- File source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR
Source: Yara match -- File source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR

              Remote Access Functionality

Source: Yara match | File source: 4.2.z17Mz7zumpwTUMRxyS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a2b038.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.z17Mz7zumpwTUMRxyS.exe.4a0a618.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4591851679.000000000352F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 6368, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: z17Mz7zumpwTUMRxyS.exe PID: 5712, type: MEMORYSTR
MITRE ATT&CK matrix (the original renders this as a 14-column grid; it is listed here one tactic per line, eight matrix cells each, with the report's signature-hit markers in brackets in front of a matched technique; unmarked techniques are empty matrix cells)

Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information | Domain Properties | DNS | Network Trust Dependencies
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server | Botnet | Web Services | Serverless
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts | Replication Through Removable Media | External Remote Services | Drive-by Compromise
Execution: Windows Management Instrumentation | Scheduled Task/Job | At | Cron | Launchd | Scheduled Task | Systemd Timers | Container Orchestration Job
Persistence: [1] DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts | Startup Items | Scheduled Task/Job
Privilege Escalation: [111] Process Injection | [1] DLL Side-Loading | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts | Startup Items | Scheduled Task/Job
Defense Evasion: [1] Masquerading | [1] Disable or Modify Tools | [31] Virtualization/Sandbox Evasion | [111] Process Injection | [1] Deobfuscate/Decode Files or Information | [31] Obfuscated Files or Information | [12] Software Packing | [1] DLL Side-Loading
Credential Access: [1] OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets | Cached Domain Credentials | DCSync | Proc Filesystem
Discovery: [1] Query Registry | [1] Security Software Discovery | [1] Process Discovery | [31] Virtualization/Sandbox Evasion | [1] Application Window Discovery | [1] System Network Configuration Discovery | [13] System Information Discovery | System Owner/User Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH | VNC | Windows Remote Management | Cloud Services
Collection: [1] Email Collection | [11] Archive Collected Data | [1] Data from Local System | Input Capture | Keylogging | GUI Input Capture | Web Portal Capture | Credential API Hooking
Command and Control: [11] Encrypted Channel | [1] Ingress Tool Transfer | [2] Non-Application Layer Protocol | [13] Application Layer Protocol | Fallback Channels | Multiband Communication | Commonly Used Port | Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer | Data Transfer Size Limits | Exfiltration Over C2 Channel | Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact | Service Stop | Inhibit System Recovery | Defacement

Source | Detection | Scanner
z17Mz7zumpwTUMRxyS.exe | 32% | ReversingLabs
z17Mz7zumpwTUMRxyS.exe | 100% | Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://reallyfreegeoip.org | 0% | URL Reputation | safe
http://checkip.dyndns.org | 0% | URL Reputation | safe
http://checkip.dyndns.org/ | 0% | URL Reputation | safe
http://checkip.dyndns.com | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://checkip.dyndns.org/q | 0% | URL Reputation | safe
http://reallyfreegeoip.org | 0% | URL Reputation | safe
https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
checkip.dyndns.com | 132.226.247.73 | true | false | | unknown
checkip.dyndns.org | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
https://reallyfreegeoip.org/xml/173.254.250.77 | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000346A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://reallyfreegeoip.orgX | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://reallyfreegeoip.org/xml/173.254.250.77$ | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000346A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://checkip.dyndns.org | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003418000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034F3000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000346A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://checkip.dyndns.com | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://checkip.dyndns.org/q | z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://reallyfreegeoip.org | z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003512000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034BB000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003521000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034C8000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.00000000034E5000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.000000000343F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://reallyfreegeoip.org/xml/ | z17Mz7zumpwTUMRxyS.exe, 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, z17Mz7zumpwTUMRxyS.exe, 00000004.00000002.4591851679.0000000003427000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
Legend for the IP table below:
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1546298
                          Start date and time:2024-10-31 18:31:06 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 7m 48s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:10
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:z17Mz7zumpwTUMRxyS.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@5/1@2/2
                          EGA Information:
                          • Successful, ratio: 50%
                          HCA Information:
                          • Successful, ratio: 99%
                          • Number of executed functions: 213
                          • Number of non-executed functions: 17
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                          • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target z17Mz7zumpwTUMRxyS.exe, PID 5712 because it is empty
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • VT rate limit hit for: z17Mz7zumpwTUMRxyS.exe
Time | Type | Description
13:31:56 | API Interceptor | 12066297x Sleep call for process: z17Mz7zumpwTUMRxyS.exe modified
Context for contacted IPs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
188.114.96.3 | Lana_Rhoades_Photoos.js | malicious | Unknown | paste.ee/d/ciuNW
188.114.96.3 | PO-000172483 (2).exe | malicious | FormBook, GuLoader | www.launchdreamidea.xyz/2b9b/
188.114.96.3 | VfKk5EmvwW.exe | malicious | DCRat, PureLog Stealer, zgRAT | 083098cm.n9shteam.in/vmBase.php
188.114.96.3 | Payment Slip_SJJ023639#U00faPDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/CEqTVkxM/download
188.114.96.3 | 0JLWNg4Sz1.exe | malicious | DCRat, PureLog Stealer, zgRAT | 977255cm.nyashkoon.in/secureWindows.php
188.114.96.3 | zxalphamn.doc | malicious | Lokibot | touxzw.ir/alpha2/five/fre.php
188.114.96.3 | QUOTATION_OCTQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/jI82Ms6K/download
188.114.96.3 | 9D7RwuJrth.exe | malicious | DCRat, PureLog Stealer, zgRAT | 304773cm.n9shteam.in/jscpuGamegeneratorprivate.php
188.114.96.3 | DBUfLVzZhf.exe | malicious | JohnWalkerTexasLoader | xilloolli.com/api.php?status=1&wallets=0&av=1
188.114.96.3 | R5AREmpD4S.exe | malicious | JohnWalkerTexasLoader | xilloolli.com/api.php?status=1&wallets=0&av=1
132.226.247.73 | RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exe | malicious | MassLogger RAT | checkip.dyndns.org/
132.226.247.73 | 24602711 Inv_Or.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | hesaphareketi-01.exe | malicious | MassLogger RAT | checkip.dyndns.org/
132.226.247.73 | PRESUPUESTO DE NOVIEMBRE...exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
132.226.247.73 | Purchase Order 17025.exe | malicious | MassLogger RAT, PureLog Stealer | checkip.dyndns.org/
132.226.247.73 | na.doc (four separate samples with this name) | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
132.226.247.73 | ADJUNTA.vbs | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
Context for contacted domains
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | INVOICE ATTACHMENT.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | Y2EM7suNV5.exe | malicious | MassLogger RAT | 188.114.97.3
reallyfreegeoip.org | RFQ Proposals ADC-24-65.exe | malicious | MassLogger RAT | 188.114.97.3
reallyfreegeoip.org | RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exe | malicious | MassLogger RAT | 188.114.97.3
reallyfreegeoip.org | MB267382625AE.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | Payment Receipt.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | Product Inquiry-002.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | Quotation enquiry.exe | malicious | Unknown | 188.114.97.3
reallyfreegeoip.org | Pedido de Cota#U00e7#U00e3o -RFQ20241030_Pdf.vbs | malicious | GuLoader, Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | 200716 SUMI SAUJANA Water Pump 100%.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.96.3
checkip.dyndns.com | INVOICE ATTACHMENT.exe | malicious | PureLog Stealer, Snake Keylogger | 132.226.8.169
checkip.dyndns.com | Y2EM7suNV5.exe | malicious | MassLogger RAT | 132.226.8.169
checkip.dyndns.com | RFQ Proposals ADC-24-65.exe | malicious | MassLogger RAT | 132.226.8.169
checkip.dyndns.com | RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exe | malicious | MassLogger RAT | 132.226.247.73
checkip.dyndns.com | MB267382625AE.exe | malicious | PureLog Stealer, Snake Keylogger | 132.226.8.169
checkip.dyndns.com | Payment Receipt.exe | malicious | Snake Keylogger, VIP Keylogger | 158.101.44.242
checkip.dyndns.com | Product Inquiry-002.exe | malicious | Snake Keylogger, VIP Keylogger | 158.101.44.242
checkip.dyndns.com | Quotation enquiry.exe | malicious | Unknown | 132.226.8.169
checkip.dyndns.com | Pedido de Cota#U00e7#U00e3o -RFQ20241030_Pdf.vbs | malicious | GuLoader, Snake Keylogger | 158.101.44.242
checkip.dyndns.com | 200716 SUMI SAUJANA Water Pump 100%.exe | malicious | MassLogger RAT, PureLog Stealer | 193.122.130.0
Context for ASNs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.21.33.140
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.33.140
CLOUDFLARENETUS | https://s3.timeweb.cloud/d2247a8d-ceb09c71-57ee-4411-a590-e4de8ca5cf86/Contract/contract.htm#andrew.wise@arrowbank.com | malicious | HTMLPhisher | 104.17.201.1
CLOUDFLARENETUS | https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe | malicious | NetSupport RAT, NetSupport Downloader | 172.67.68.212
CLOUDFLARENETUS | https://0nmdby.data--8.co.uk/oGRApYgs | malicious | Unknown | 172.67.212.158
                          https://flaviarc.com/sphp%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/index.phpGet hashmaliciousHTMLPhisherBrowse
                          • 1.1.1.1
CLOUDFLARENETUS | Lana_Rhoades_Photoos.js | malicious | Unknown | 188.114.96.3
CLOUDFLARENETUS | https://usps.com-trackrsm.top/l | malicious | Unknown | 188.114.96.3
CLOUDFLARENETUS | file.exe | malicious | LummaC | 188.114.97.3
CLOUDFLARENETUS | file.exe | malicious | NetSupport RAT | 172.67.68.212
UTMEMUS | INVOICE ATTACHMENT.exe | malicious | PureLog Stealer, Snake Keylogger | 132.226.8.169
UTMEMUS | RFQ Proposals ADC-24-65.exe | malicious | MassLogger RAT | 132.226.8.169
UTMEMUS | RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exe | malicious | MassLogger RAT | 132.226.247.73
UTMEMUS | MB267382625AE.exe | malicious | PureLog Stealer, Snake Keylogger | 132.226.8.169
UTMEMUS | Quotation enquiry.exe | malicious | Unknown | 132.226.8.169
UTMEMUS | N#U00b0 DE PEDIDO DE ABARROTES DE NOVIEMBRE 2024.exe | malicious | Snake Keylogger | 132.226.8.169
UTMEMUS | 24602711 Inv_Or.exe | malicious | PureLog Stealer, Snake Keylogger | 132.226.247.73
UTMEMUS | MP2318GJ-P 18000pcs.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.8.169
UTMEMUS | hesaphareketi-01.exe | malicious | MassLogger RAT | 132.226.247.73
UTMEMUS | PRESUPUESTO DE NOVIEMBRE...exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
Context for JA3 fingerprints
Match | Associated Sample Name / URL | Detection | Threat Name | Context
54328bd36c14bd82ddaa0c04b25ed9ad | INVOICE ATTACHMENT.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | RFQ Proposals ADC-24-65.exe | malicious | MassLogger RAT | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | RFQ Q700mm CB St44 PN20 e=5.6 mm TSEN 10217-1 #U7edd#U7f18#U94a2#U7ba1#Uff1a200 #U7c73.exe | malicious | MassLogger RAT | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | MB267382625AE.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Payment Receipt.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Product Inquiry-002.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Quotation enquiry.exe | malicious | Unknown | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Pedido de Cota#U00e7#U00e3o -RFQ20241030_Pdf.vbs | malicious | GuLoader, Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | 200716 SUMI SAUJANA Water Pump 100%.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Eprdtdrqbr.exe | malicious | Snake Keylogger | 188.114.96.3
Context for dropped files
No context
                          Process:C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1216
                          Entropy (8bit):5.34331486778365
                          Encrypted:false
                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                          Malicious:true
                          Reputation:high, very likely benign file
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):7.633026498789311
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          • Win32 Executable (generic) a (10002005/4) 49.75%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Windows Screen Saver (13104/52) 0.07%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name:z17Mz7zumpwTUMRxyS.exe
                          File size:694'272 bytes
                          MD5:337574f09ff0a772aedbd6f7c2064496
                          SHA1:f24b5b9369763cc23758407fa1729294750d8e5e
                          SHA256:96bfa7096fb76234a5774f70dc444d719c7553ac83db00fdbb04c1eec318d4c4
                          SHA512:2cf83e21895266cf05e65bc4934c09c8aba59fe9a1db62b07ec2dd4e463d5a4555d46c1e1ae74447c7c5e120885d72027ec763fb32634ba63441ef9e519d3d26
                          SSDEEP:12288:tn9Inte+7jOOIQ7vCSfm5F28BaaiR+fzszuSFtQhU1atc2/Q4AyrrRPdw:tK7tIS8QaikfgqSFtcUUa2o4JPd
                          TLSH:B5E4ADD03A367B16DEA54BB5A159CDB543B22968B041FAE61DCD3BCB349C710AE08F03
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#g..............0..n...(........... ........@.. ....................................@................................
                          Icon Hash:cd7050787870e4d2
                          Entrypoint:0x4a8d0a
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0x672398E1 [Thu Oct 31 14:49:05 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction (disassembly starting at the entrypoint 0x4a8d0a; the first instruction is the standard 32-bit CLR loader stub, an indirect jump through the import address table at 0x402000 to the runtime's _CorExeMain, so no managed code is reachable from this listing; the bytes that follow are data after the stub that the disassembler has decoded as instructions, including UTF-16 text visible in immediates such as 00610076h and 70006F00h, and zero padding)
jmp dword ptr [00402000h]
                          push ebx
                          add byte ptr [ecx+00h], bh
                          jnc 00007F4139843A62h
                          je 00007F4139843A62h
                          add byte ptr [ebp+00h], ch
                          add byte ptr [ecx+00h], al
                          arpl word ptr [eax], ax
                          je 00007F4139843A62h
                          imul eax, dword ptr [eax], 00610076h
                          je 00007F4139843A62h
                          outsd
                          add byte ptr [edx+00h], dh
                          inc edx
                          add byte ptr [ecx+00h], ah
                          jc 00007F4139843A62h
                          bound eax, dword ptr [eax]
                          add byte ptr [edx+00h], dh
                          jnc 00007F4139843A62h
                          push 70006F00h
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa8cb8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x25a4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa6d48 | 0xa6e00 | e22e41d0b5a5a8b38b153cf55bd660dc | False | 0.8211595856741573 | data | 7.635987509883049 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x25a4 | 0x2600 | 9908bfb3061a484fe0c6ec7051f67892 | False | 0.8831208881578947 | data | 7.563221678049181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xae000 | 0xc | 0x200 | c1e56e0711916495bf20b0aa86e088a7 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xaa0c8 | 0x2185 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9455774385269782
RT_GROUP_ICON | 0xac260 | 0x14 | data | | | 1.05
RT_VERSION | 0xac284 | 0x31c | data | | | 0.4472361809045226
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-31T18:32:01.123067+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49711 | 132.226.247.73 | 80 | TCP
2024-10-31T18:32:02.904246+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49711 | 132.226.247.73 | 80 | TCP
2024-10-31T18:32:03.632627+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:04.533073+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49717 | 132.226.247.73 | 80 | TCP
2024-10-31T18:32:05.307474+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49719 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:10.246567+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49741 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:11.963672+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49754 | 188.114.96.3 | 443 | TCP
2024-10-31T18:32:14.872953+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.6 | 49767 | TCP
2024-10-31T18:32:52.746498+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.6 | 49967 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 31, 2024 18:31:59.863300085 CET | 51572 | 53 | 192.168.2.6 | 1.1.1.1
Oct 31, 2024 18:31:59.870628119 CET | 53 | 51572 | 1.1.1.1 | 192.168.2.6
Oct 31, 2024 18:32:01.142075062 CET | 59128 | 53 | 192.168.2.6 | 1.1.1.1
Oct 31, 2024 18:32:01.150384903 CET | 53 | 59128 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 31, 2024 18:31:59.863300085 CET | 192.168.2.6 | 1.1.1.1 | 0x9047 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:32:01.142075062 CET | 192.168.2.6 | 1.1.1.1 | 0x91eb | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 31, 2024 18:31:59.870628119 CET | 1.1.1.1 | 192.168.2.6 | 0x9047 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 31, 2024 18:31:59.870628119 CET | 1.1.1.1 | 192.168.2.6 | 0x9047 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:31:59.870628119 CET | 1.1.1.1 | 192.168.2.6 | 0x9047 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:31:59.870628119 CET | 1.1.1.1 | 192.168.2.6 | 0x9047 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:31:59.870628119 CET | 1.1.1.1 | 192.168.2.6 | 0x9047 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:31:59.870628119 CET | 1.1.1.1 | 192.168.2.6 | 0x9047 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:32:01.150384903 CET | 1.1.1.1 | 192.168.2.6 | 0x91eb | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:32:01.150384903 CET | 1.1.1.1 | 192.168.2.6 | 0x91eb | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                          • reallyfreegeoip.org
                          • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49711 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 18:31:59.883579016 CET | 151 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
                          Connection: Keep-Alive
Oct 31, 2024 18:32:00.776937008 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:00 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: 1728a4f7c0da6906e473c119e2b0288d
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>
Oct 31, 2024 18:32:00.785593987 CET | 127 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
Oct 31, 2024 18:32:01.068979979 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:00 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: c8d3d0b0ece5a4b3826334216e1507e8
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>
Oct 31, 2024 18:32:02.589793921 CET | 127 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
Oct 31, 2024 18:32:02.850230932 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:02 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: c34ad27f11f25108d88fdd121c93fec3
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49717 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 18:32:03.644764900 CET | 127 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
Oct 31, 2024 18:32:04.532736063 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:04 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: 5308b03ce2f8b0dfe248f9ab208d2a50
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.6 | 49721 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Oct 31, 2024 18:32:05.322515965 CET | 151 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
                          Connection: Keep-Alive
                          Oct 31, 2024 18:32:06.188467026 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:06 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: a4b35a4f05994757595074b7420e403c
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          3 | 192.168.2.6 | 49723 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Oct 31, 2024 18:32:06.967170000 CET | 151 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
                          Connection: Keep-Alive
                          Oct 31, 2024 18:32:07.837975025 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:07 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: 03d218d120155d3d2745f98d75863a60
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          4 | 192.168.2.6 | 49735 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Oct 31, 2024 18:32:08.597795010 CET | 151 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
                          Connection: Keep-Alive
                          Oct 31, 2024 18:32:09.466490984 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:09 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: 4d4ee5e3049f433a5203a2b93b469911
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          5 | 192.168.2.6 | 49748 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Oct 31, 2024 18:32:10.257663965 CET | 151 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
                          Connection: Keep-Alive
                          Oct 31, 2024 18:32:11.134058952 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:11 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: 04aeca574c967f13c97cd629312c7bf4
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          6 | 192.168.2.6 | 49759 | 132.226.247.73 | 80 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Oct 31, 2024 18:32:11.976705074 CET | 151 | OUT | GET / HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                          Host: checkip.dyndns.org
                          Connection: Keep-Alive
                          Oct 31, 2024 18:32:12.850259066 CET | 323 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:12 GMT
                          Content-Type: text/html
                          Content-Length: 106
                          Connection: keep-alive
                          Cache-Control: no-cache
                          Pragma: no-cache
                          X-Request-ID: fe54585caa60ff6c3484cda6da343834
                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.77</body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.6 | 49714 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:02 UTC | 87 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          Connection: Keep-Alive
                          2024-10-31 17:32:02 UTC | 1213 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:02 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32797
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MoAUyPN9slFY72uHF%2BkrmvrK4YG9C34WEzNru2qrdmxcRIMX3hZotP47IiGEbltIVHXCDNzybcanLN2BxCIpjvhMqL7zBx2WfsTdhZ8qpssrYHfHFmLXlS602Q3cpQjbWePjfiZN"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db561d36ec72cb6-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=2337&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1250431&cwnd=251&unsent_bytes=0&cid=6594e2ca6e74978f&ts=747&x=0"
                          2024-10-31 17:32:02 UTC | 156 | IN | Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas
                          2024-10-31 17:32:02 UTC | 203 | IN | Data Ascii: </RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.6 | 49716 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:03 UTC | 63 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          2024-10-31 17:32:03 UTC | 1227 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:03 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32798
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JoGG18YUcjorIzSeh0aeylKWFI1jrLsSXCRDU%2B85091DwLeM%2FtkL6V2etZ66OsSY%2BMAb%2BvHLpSIjOy%2F4lQjnj5PqTPHRqFDQk097y7wJ7osPsWGO%2B%2B213%2FvrGQIYpad4HuT67Ep5"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db561da2a5945e8-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=1007&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2706542&cwnd=251&unsent_bytes=0&cid=d4803379505c7917&ts=163&x=0"
                          2024-10-31 17:32:03 UTC | 142 | IN | Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Re
                          2024-10-31 17:32:03 UTC | 217 | IN | Data Ascii: gionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.6 | 49719 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:05 UTC | 63 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          2024-10-31 17:32:05 UTC | 1221 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:05 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32800
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBVdSa37LUHIdiUTnRQU%2FmrL2VZr3YNrwxiv1X8zrIBjKDXNw5cFAFSmZ9zjJ3%2F%2B363gfshq34KJVuS%2FfIWUQFHwQX2IzXScpxhrxyAgbNeptNrwqhOZ7tGx70SUsK82gephpF%2BW"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db561e4ae24e997-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=1402&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2052445&cwnd=250&unsent_bytes=0&cid=d557fd00d1a51a3d&ts=157&x=0"
                          2024-10-31 17:32:05 UTC | 148 | IN | Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
                          2024-10-31 17:32:05 UTC | 211 | IN | Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          3 | 192.168.2.6 | 49722 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:06 UTC | 87 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          Connection: Keep-Alive
                          2024-10-31 17:32:06 UTC | 1217 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:06 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32801
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dyE8joa8EIwk1JIxCMldwuYmCUcoNmeryG%2F9nkPGB7OfHeiM8lhnTYbvlsurbB73aP6NKq7r5bLCq0gI3b0%2BclHjSRGSZFA80N5UwZiZ6tE%2FlY5gUTUdPgArS86oi4xzaDRtBTRT"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db561eefd214772-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=1025&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2847590&cwnd=239&unsent_bytes=0&cid=61fb497b655db222&ts=153&x=0"
                          2024-10-31 17:32:06 UTC | 152 | IN | Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>T
                          2024-10-31 17:32:06 UTC | 207 | IN | Data Ascii: exas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          4 | 192.168.2.6 | 49729 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:08 UTC | 87 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          Connection: Keep-Alive
                          2024-10-31 17:32:08 UTC | 1215 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:08 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32803
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kM5Lo6BvPqmRFMA3gMrMmH0NrFsxkEtrHAEqHT9vf%2Fly1vWI6SbfNU3%2ByN7rE8VTAB6zsqAHKSfbsQoS9DK2KwNYgh29gQuDuuiXJABVopTvuoT7YFcnJeRrJTvD3C9GNjltF82E"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db561f92d4a0c07-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=1581&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1784349&cwnd=245&unsent_bytes=0&cid=a627705ef23c6d18&ts=153&x=0"
                          2024-10-31 17:32:08 UTC | 154 | IN | Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Tex
                          2024-10-31 17:32:08 UTC | 205 | IN | Data Ascii: as</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          5 | 192.168.2.6 | 49741 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:10 UTC | 63 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          2024-10-31 17:32:10 UTC | 1215 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:10 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32805
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VpAnRVHpH5HM77F8HYVnKYjCvmJtpRLC0vrqITzcw1hCy7Lw8FZRMc3SLkFDCSBtMgxwD0p0nc9AsNJpo34zdrVL2%2FOdRYosNKKLHACcuXpnHvBtNc8j6TH%2BUZr7Of4rcoDsrDbw"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db5620388f76b35-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2389438&cwnd=247&unsent_bytes=0&cid=27e2458927a63e6e&ts=155&x=0"
                          2024-10-31 17:32:10 UTC | 154 | IN | Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Tex
                          2024-10-31 17:32:10 UTC | 205 | IN | Data Ascii: as</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          6 | 192.168.2.6 | 49754 | 188.114.96.34 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:11 UTC | 63 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          2024-10-31 17:32:11 UTC | 1223 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:11 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32806
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YfvRHoWJYAhiGqiHViLgieo5DO7k55bGCOTgTE%2BsHLRR%2FdZsveTIaXP1%2F%2FnJ656Ni7YY9iPFzS7K%2B7LU6WCeH3c1gMD%2FIOctVFZFjM4VFqJ2ETAVbzJKXbCgKFr8mwOBeaP4ufm4"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db5620e1912476c-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=2146&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1425898&cwnd=251&unsent_bytes=0&cid=bc334c1995a64bfb&ts=191&x=0"
                          2024-10-31 17:32:11 UTC | 146 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e
                          Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
                          2024-10-31 17:32:11 UTC | 213 | IN | Data Raw: 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                          Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          7 | 192.168.2.6 | 49765 | 188.114.96.3 | 443 | 5712 | C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-31 17:32:13 UTC | 87 | OUT | GET /xml/173.254.250.77 HTTP/1.1
                          Host: reallyfreegeoip.org
                          Connection: Keep-Alive
                          2024-10-31 17:32:13 UTC | 1229 | IN | HTTP/1.1 200 OK
                          Date: Thu, 31 Oct 2024 17:32:13 GMT
                          Content-Type: text/xml
                          Content-Length: 359
                          Connection: close
                          x-amzn-requestid: c513f531-357c-4a16-aa65-2a7ce9db2710
                          x-amzn-trace-id: Root=1-67233ef5-6f781100758ed25925d14b1f;Parent=79f937a2f15fcb5d;Sampled=0;Lineage=1:fc9e8231:0
                          x-cache: Miss from cloudfront
                          via: 1.1 6731676908e2f9fd15d695e4cfc5dc0c.cloudfront.net (CloudFront)
                          x-amz-cf-pop: DFW57-P5
                          x-amz-cf-id: vn-E2QddJo8J5bH3iv-sVGfh-RHrFUSg7-ibKlijEvDnaoVwc3aSew==
                          Cache-Control: max-age=31536000
                          CF-Cache-Status: HIT
                          Age: 32808
                          Last-Modified: Thu, 31 Oct 2024 08:25:25 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2F6ieYFe%2Fo1p%2BKDrU0Ztrr0VHaqy50qtwy%2FIWH%2FSzHzCscRxt2yZS4R6SSESAehz2gX5dH1QZ7ASjv%2BciUABb%2B41%2FNtTwSOhIYoizmgbrioFsFAhe5ude6%2FXTJR3Rxn5aG97dYqE"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8db56218af94e712-DFW
                          alt-svc: h3=":443"; ma=86400
                          server-timing: cfL4;desc="?proto=TCP&rtt=1661&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1681765&cwnd=247&unsent_bytes=0&cid=652016646e4a3438&ts=156&x=0"
                          2024-10-31 17:32:13 UTC | 140 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c
                          Data Ascii: <Response><IP>173.254.250.77</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><
                          2024-10-31 17:32:13 UTC | 219 | IN | Data Raw: 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                          Data Ascii: RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>



                          Target ID:0
                          Start time:13:31:56
                          Start date:31/10/2024
                          Path:C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
                          Imagebase:0x950000
                          File size:694'272 bytes
                          MD5 hash:337574F09FF0A772AEDBD6F7C2064496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2160046971.0000000004A0A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                          Reputation:low
                          Has exited:true

                          Target ID:3
                          Start time:13:31:58
                          Start date:31/10/2024
                          Path:C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
                          Imagebase:0x320000
                          File size:694'272 bytes
                          MD5 hash:337574F09FF0A772AEDBD6F7C2064496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Target ID:4
                          Start time:13:31:58
                          Start date:31/10/2024
                          Path:C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\z17Mz7zumpwTUMRxyS.exe"
                          Imagebase:0xea0000
                          File size:694'272 bytes
                          MD5 hash:337574F09FF0A772AEDBD6F7C2064496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.4590823819.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4591851679.000000000352F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4591851679.0000000003361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:false


                            Execution Graph

                            Execution Coverage:10.4%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:2.8%
                            Total number of Nodes:217
                            Total number of Limit Nodes:10
                            execution_graph 53742 115b1b0 53746 115b2a4 53742->53746 53751 115b298 53742->53751 53743 115b1bf 53748 115b2a6 53746->53748 53747 115b2dc 53747->53743 53748->53747 53749 115b4e0 GetModuleHandleW 53748->53749 53750 115b50d 53749->53750 53750->53743 53753 115b2a6 53751->53753 53752 115b2dc 53752->53743 53753->53752 53754 115b4e0 GetModuleHandleW 53753->53754 53755 115b50d 53754->53755 53755->53743 53968 115d540 53969 115d586 GetCurrentProcess 53968->53969 53971 115d5d1 53969->53971 53972 115d5d8 GetCurrentThread 53969->53972 53971->53972 53973 115d615 GetCurrentProcess 53972->53973 53974 115d60e 53972->53974 53975 115d64b 53973->53975 53974->53973 53976 115d673 GetCurrentThreadId 53975->53976 53977 115d6a4 53976->53977 53756 71ef038 53758 71eef66 53756->53758 53757 71eef56 53758->53757 53761 75913a0 53758->53761 53766 75913b0 53758->53766 53762 75913b0 53761->53762 53771 75913e1 53762->53771 53787 7591456 53762->53787 53763 75913d7 53763->53758 53767 75913c5 53766->53767 53769 75913e1 12 API calls 53767->53769 53770 7591456 12 API calls 53767->53770 53768 75913d7 53768->53758 53769->53768 53770->53768 53772 75913e4 53771->53772 53779 7591412 53772->53779 53804 7591cf9 53772->53804 53809 7592067 53772->53809 53814 7591b84 53772->53814 53823 7591d04 53772->53823 53827 7591fc5 53772->53827 53832 7591865 53772->53832 53836 7591e83 53772->53836 53841 7591dad 53772->53841 53846 7591956 53772->53846 53850 7591997 53772->53850 53858 7591a77 53772->53858 53862 75918b4 53772->53862 53867 7591ede 53772->53867 53779->53763 53788 75913e4 53787->53788 53790 7591459 53787->53790 53789 7591412 53788->53789 53791 7591cf9 2 API calls 53788->53791 53792 7591ede 2 API calls 53788->53792 53793 75918b4 2 API calls 53788->53793 53794 7591a77 2 API calls 53788->53794 53795 7591997 4 API calls 53788->53795 53796 7591956 2 API calls 53788->53796 53797 7591dad 2 API calls 53788->53797 53798 7591e83 2 API calls 53788->53798 53799 7591865 2 API calls 53788->53799 
53800 7591fc5 2 API calls 53788->53800 53801 7591d04 2 API calls 53788->53801 53802 7591b84 4 API calls 53788->53802 53803 7592067 2 API calls 53788->53803 53789->53763 53790->53763 53791->53789 53792->53789 53793->53789 53794->53789 53795->53789 53796->53789 53797->53789 53798->53789 53799->53789 53800->53789 53801->53789 53802->53789 53803->53789 53805 7591ee5 53804->53805 53872 71ee890 53805->53872 53876 71ee888 53805->53876 53806 75920fc 53810 759206d 53809->53810 53812 71ee888 WriteProcessMemory 53810->53812 53813 71ee890 WriteProcessMemory 53810->53813 53811 75920a6 53812->53811 53813->53811 53815 7591b88 53814->53815 53880 71ee6f8 53815->53880 53884 71ee6f1 53815->53884 53816 7592202 53817 7591ba3 53817->53816 53888 71ee648 53817->53888 53892 71ee640 53817->53892 53818 7591de0 53818->53779 53825 71ee888 WriteProcessMemory 53823->53825 53826 71ee890 WriteProcessMemory 53823->53826 53824 7591c67 53825->53824 53826->53824 53828 7591fd2 53827->53828 53830 71ee888 WriteProcessMemory 53828->53830 53831 71ee890 WriteProcessMemory 53828->53831 53829 75920a6 53830->53829 53831->53829 53896 71eeb0d 53832->53896 53900 71eeb18 53832->53900 53837 7591dcc 53836->53837 53839 71ee648 ResumeThread 53837->53839 53840 71ee640 ResumeThread 53837->53840 53838 7591de0 53838->53779 53839->53838 53840->53838 53842 7591db3 53841->53842 53844 71ee648 ResumeThread 53842->53844 53845 71ee640 ResumeThread 53842->53845 53843 7591de0 53843->53779 53844->53843 53845->53843 53904 71ee979 53846->53904 53908 71ee980 53846->53908 53847 7591978 53847->53779 53851 75919a4 53850->53851 53852 7591ba3 53851->53852 53856 71ee6f8 Wow64SetThreadContext 53851->53856 53857 71ee6f1 Wow64SetThreadContext 53851->53857 53853 7591de0 53852->53853 53854 71ee648 ResumeThread 53852->53854 53855 71ee640 ResumeThread 53852->53855 53853->53779 53854->53853 53855->53853 53856->53852 53857->53852 53912 7592470 53858->53912 53917 7592460 53858->53917 53859 7591a8f 53859->53779 53863 75918cb 53862->53863 53922 71ee7c8 
53863->53922 53926 71ee7d0 53863->53926 53864 759213f 53868 7591ee4 53867->53868 53870 71ee888 WriteProcessMemory 53868->53870 53871 71ee890 WriteProcessMemory 53868->53871 53869 75920fc 53870->53869 53871->53869 53873 71ee8d8 WriteProcessMemory 53872->53873 53875 71ee92f 53873->53875 53875->53806 53877 71ee890 WriteProcessMemory 53876->53877 53879 71ee92f 53877->53879 53879->53806 53881 71ee73d Wow64SetThreadContext 53880->53881 53883 71ee785 53881->53883 53883->53817 53885 71ee6f8 Wow64SetThreadContext 53884->53885 53887 71ee785 53885->53887 53887->53817 53889 71ee688 ResumeThread 53888->53889 53891 71ee6b9 53889->53891 53891->53818 53893 71ee648 ResumeThread 53892->53893 53895 71ee6b9 53893->53895 53895->53818 53897 71eeb18 CreateProcessA 53896->53897 53899 71eed63 53897->53899 53901 71eeba1 CreateProcessA 53900->53901 53903 71eed63 53901->53903 53905 71ee980 ReadProcessMemory 53904->53905 53907 71eea0f 53905->53907 53907->53847 53909 71ee9cb ReadProcessMemory 53908->53909 53911 71eea0f 53909->53911 53911->53847 53913 7592485 53912->53913 53915 71ee6f8 Wow64SetThreadContext 53913->53915 53916 71ee6f1 Wow64SetThreadContext 53913->53916 53914 759249b 53914->53859 53915->53914 53916->53914 53918 7592470 53917->53918 53920 71ee6f8 Wow64SetThreadContext 53918->53920 53921 71ee6f1 Wow64SetThreadContext 53918->53921 53919 759249b 53919->53859 53920->53919 53921->53919 53923 71ee7d0 VirtualAllocEx 53922->53923 53925 71ee84d 53923->53925 53925->53864 53927 71ee810 VirtualAllocEx 53926->53927 53929 71ee84d 53927->53929 53929->53864 53930 75926f0 53931 759287b 53930->53931 53932 7592716 53930->53932 53932->53931 53935 7592d78 PostMessageW 53932->53935 53937 7592d70 53932->53937 53936 7592de4 53935->53936 53936->53932 53938 7592d78 PostMessageW 53937->53938 53939 7592de4 53938->53939 53939->53932 53737 71cdf00 53738 71cdf08 CloseHandle 53737->53738 53739 71cdf6f 53738->53739 53940 71cb5d0 53941 71cb60a 53940->53941 53942 71cb69b 53941->53942 53943 71cb686 53941->53943 53944 
71caef8 3 API calls 53942->53944 53948 71caef8 53943->53948 53946 71cb6aa 53944->53946 53949 71caf03 53948->53949 53950 71cb691 53949->53950 53953 71cbff0 53949->53953 53959 71cbfdf 53949->53959 53956 71cc00a 53953->53956 53965 71caf40 53953->53965 53955 71cc017 53955->53950 53956->53955 53957 71cc040 CreateIconFromResourceEx 53956->53957 53958 71cc0be 53957->53958 53958->53950 53960 71caf40 CreateIconFromResourceEx 53959->53960 53961 71cc00a 53960->53961 53962 71cc017 53961->53962 53963 71cc040 CreateIconFromResourceEx 53961->53963 53962->53950 53964 71cc0be 53963->53964 53964->53950 53966 71cc040 CreateIconFromResourceEx 53965->53966 53967 71cc0be 53966->53967 53967->53956 53978 71ca2c0 53979 71ca30e DrawTextExW 53978->53979 53981 71ca366 53979->53981 53740 115d788 DuplicateHandle 53741 115d81e 53740->53741 53982 1154668 53983 115467f 53982->53983 53984 115468b 53983->53984 53986 1154798 53983->53986 53987 115479e 53986->53987 53994 11548a4 53987->53994 53998 11548a8 53987->53998 54002 1154898 53987->54002 54006 115489d 53987->54006 54010 11548a0 53987->54010 53996 11548cf 53994->53996 53995 11549ac 53995->53995 53996->53995 54014 1154508 53996->54014 54000 11548cf 53998->54000 53999 11549ac 53999->53999 54000->53999 54001 1154508 CreateActCtxA 54000->54001 54001->53999 54004 115489e 54002->54004 54003 11549ac 54003->54003 54004->54003 54005 1154508 CreateActCtxA 54004->54005 54005->54003 54007 115489e 54006->54007 54008 1154508 CreateActCtxA 54007->54008 54009 11549ac 54007->54009 54008->54009 54012 11548a2 54010->54012 54011 11549ac 54011->54011 54012->54011 54013 1154508 CreateActCtxA 54012->54013 54013->54011 54015 1155938 CreateActCtxA 54014->54015 54017 11559fb 54015->54017

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 75 71f2106-71f210a 76 71f2acd-71f2adf 75->76 77 71f210b-71f2120 75->77 77->76 78 71f2121-71f212c 77->78 80 71f2132-71f213e 78->80 81 71f214a-71f2159 80->81 83 71f21b8-71f21bc 81->83 84 71f2264-71f22ce 83->84 85 71f21c2-71f21cb 83->85 84->76 123 71f22d4-71f281b 84->123 86 71f20c6-71f20d2 85->86 87 71f21d1-71f21e7 85->87 86->76 89 71f20d8-71f20e4 86->89 93 71f2239-71f224b 87->93 94 71f21e9-71f21ec 87->94 91 71f215b-71f2161 89->91 92 71f20e6-71f20fa 89->92 91->76 95 71f2167-71f217f 91->95 92->91 99 71f20fc-71f2105 92->99 103 71f2a0c-71f2ac2 93->103 104 71f2251-71f2261 93->104 94->76 97 71f21f2-71f222f 94->97 95->76 106 71f2185-71f21ad 95->106 97->84 119 71f2231-71f2237 97->119 99->75 103->76 106->83 119->93 119->94 201 71f281d-71f2827 123->201 202 71f2832-71f28c5 123->202 203 71f282d 201->203 204 71f28d0-71f2963 201->204 202->204 205 71f296e-71f2a01 203->205 204->205 205->103
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID: D
                            • API String ID: 0-2746444292
                            • Opcode ID: 75b54336714dc3b252d447eef9905f44383cbc37c6a92824ffc9004d1d6c20a7
                            • Instruction ID: dd8ac2d0725fbad73ab77307de8f7b35bf475e4e03a472f416d914edbe1ad8f7
                            • Opcode Fuzzy Hash: 75b54336714dc3b252d447eef9905f44383cbc37c6a92824ffc9004d1d6c20a7
                            • Instruction Fuzzy Hash: C352B674A112198FDB64DF64C898B9DBBB2BF89310F1141D9D50AA73A1CF34AE81DF50

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 230 71eeb0d-71eebad 233 71eebaf-71eebb9 230->233 234 71eebe6-71eec06 230->234 233->234 235 71eebbb-71eebbd 233->235 239 71eec3f-71eec6e 234->239 240 71eec08-71eec12 234->240 237 71eebbf-71eebc9 235->237 238 71eebe0-71eebe3 235->238 241 71eebcd-71eebdc 237->241 242 71eebcb 237->242 238->234 248 71eeca7-71eed61 CreateProcessA 239->248 249 71eec70-71eec7a 239->249 240->239 244 71eec14-71eec16 240->244 241->241 243 71eebde 241->243 242->241 243->238 245 71eec18-71eec22 244->245 246 71eec39-71eec3c 244->246 250 71eec26-71eec35 245->250 251 71eec24 245->251 246->239 262 71eed6a-71eedf0 248->262 263 71eed63-71eed69 248->263 249->248 252 71eec7c-71eec7e 249->252 250->250 253 71eec37 250->253 251->250 254 71eec80-71eec8a 252->254 255 71eeca1-71eeca4 252->255 253->246 257 71eec8e-71eec9d 254->257 258 71eec8c 254->258 255->248 257->257 259 71eec9f 257->259 258->257 259->255 273 71eedf2-71eedf6 262->273 274 71eee00-71eee04 262->274 263->262 273->274 275 71eedf8 273->275 276 71eee06-71eee0a 274->276 277 71eee14-71eee18 274->277 275->274 276->277 280 71eee0c 276->280 278 71eee1a-71eee1e 277->278 279 71eee28-71eee2c 277->279 278->279 281 71eee20 278->281 282 71eee3e-71eee45 279->282 283 71eee2e-71eee34 279->283 280->277 281->279 284 71eee5c 282->284 285 71eee47-71eee56 282->285 283->282 287 71eee5d 284->287 285->284 287->287
                            APIs
                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071EED4E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0
                            • Opcode ID: c0c387975d8c1d76f0555b38333af4e1e8601248791f3c778d37ce9d80f0c040
                            • Instruction ID: 0e6e95ed91249e6e3c570654163ac0495c492fe3274c31bc78aded752dca8ffd
                            • Opcode Fuzzy Hash: c0c387975d8c1d76f0555b38333af4e1e8601248791f3c778d37ce9d80f0c040
                            • Instruction Fuzzy Hash: EEA17EB1D0065ACFEF25CF68C8417EDBBB6BF48310F1485A9E809A7280DB749985CF91
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cfbe72bbd5741ea723c8a7a6ce62a6694c9d7967e19f040b5cec87aa97d56fd4
                            • Instruction ID: 271a4590133e58a1f87520109d93bd20435e55d5660242c4456d5c8b2cebd6a7
                            • Opcode Fuzzy Hash: cfbe72bbd5741ea723c8a7a6ce62a6694c9d7967e19f040b5cec87aa97d56fd4
                            • Instruction Fuzzy Hash: 0572AE71B002058FDB19AB78C85466E7BA6BFC9710F258569E20ADB3E1CF74DC06C7A1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d6518f7cd04cc280c95f4e102368cee0e01ad1298379beb9632905e1594de48c
                            • Instruction ID: 3e4de515c3ec94e40d5dd742afbd44fd17e0ab870137ee720a8bf28aed62caee
                            • Opcode Fuzzy Hash: d6518f7cd04cc280c95f4e102368cee0e01ad1298379beb9632905e1594de48c
                            • Instruction Fuzzy Hash: E8524A70600605CFDB19DF68C598A9DBBF2FF88314F6585A8E50A9B7A1CB71EC46CB40
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161733155.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71c0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d1afa533c2660ebe663b4b4f962352f5d25d2ac4533b9182b61143536d0c082a
                            • Instruction ID: c469d9406cc4adb6ee07fe68e082e7ef10b0e49aadf30a74f91254a46c3977b7
                            • Opcode Fuzzy Hash: d1afa533c2660ebe663b4b4f962352f5d25d2ac4533b9182b61143536d0c082a
                            • Instruction Fuzzy Hash: 6A325CB0A042198FDB69DFA8C8517AEBBB2BF84300F14816ED549AB385DB349C45CB95
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161733155.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71c0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4312ce4b34c2525748f990913161dc16a132d093891aaaa83fcae4ec1023b45
                            • Instruction ID: 0a2eb4a697c1c05d371996a7a016fe4a2d1f54321fd004994b7163cbe3b40a28
                            • Opcode Fuzzy Hash: a4312ce4b34c2525748f990913161dc16a132d093891aaaa83fcae4ec1023b45
                            • Instruction Fuzzy Hash: E1421A70E0071A8FCB15DFA8C8906DDF7B1FF99300F1086AAD459AB251EB70A985CF91
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2d347a782e94c1a14057034b4a1d640ffb833be3c7fec98c9966d72d07c24d58
                            • Instruction ID: acaf8413999f9da1c4dc6c7f9f709b334cf9a71ddc6251c379e0dadaaaa26dde
                            • Opcode Fuzzy Hash: 2d347a782e94c1a14057034b4a1d640ffb833be3c7fec98c9966d72d07c24d58
                            • Instruction Fuzzy Hash: E042A2B4E01629CFDB24CFA9C994B9DBBB6BF48300F5481A9D809A7391D734AD81CF50
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 72568f1da994995020820f2718b65cb89ba0f417efd028e79386b66fdd95536f
                            • Instruction ID: d51603cf00dfb21bd2c4b8eb144a7c610dc87af63f7ddc1cfffc749cec63bb2b
                            • Opcode Fuzzy Hash: 72568f1da994995020820f2718b65cb89ba0f417efd028e79386b66fdd95536f

                            Control-flow Graph

                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 0115D5BE
                            • GetCurrentThread.KERNEL32 ref: 0115D5FB
                            • GetCurrentProcess.KERNEL32 ref: 0115D638
                            • GetCurrentThreadId.KERNEL32 ref: 0115D691
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159285716.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1150000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0
                            • Opcode ID: bcb1dfd5200cdaf920c941aa023d271b43176ae1171f0ab06f297c7262b2ef6b
                            • Instruction ID: 80e988492def11335b635b9b2fd64bf439fe7cdc106129342521a97fe98e4a27
                            • Opcode Fuzzy Hash: bcb1dfd5200cdaf920c941aa023d271b43176ae1171f0ab06f297c7262b2ef6b
                            • Instruction Fuzzy Hash: 625196B090024ACFDB48DFAAE948BEEBFF1FF88314F208459D519A7261DB745944CB61

                            Control-flow Graph

                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 0115D5BE
                            • GetCurrentThread.KERNEL32 ref: 0115D5FB
                            • GetCurrentProcess.KERNEL32 ref: 0115D638
                            • GetCurrentThreadId.KERNEL32 ref: 0115D691
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159285716.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1150000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0
                            • Opcode ID: d592ab7282fc1774f4daf060502b3134c7c2181c72adc82b5f9f224dea967c6f
                            • Instruction ID: 22f4b7b3d397e224dd7445815a3609eb5d740447c246bad0e292fb1b523c105d
                            • Opcode Fuzzy Hash: d592ab7282fc1774f4daf060502b3134c7c2181c72adc82b5f9f224dea967c6f
                            • Instruction Fuzzy Hash: 445175B090024ACFDB48CFAAE948BDEBBF1FF88314F208459E519A7251DB745945CF25

                            Control-flow Graph

                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 0115D5BE
                            • GetCurrentThread.KERNEL32 ref: 0115D5FB
                            • GetCurrentProcess.KERNEL32 ref: 0115D638
                            • GetCurrentThreadId.KERNEL32 ref: 0115D691
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159285716.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1150000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0
                            • Opcode ID: 4aaf7c6babc5062e33a1c95535404c288dce3796ce69711ea9f6f41b7d8a4d21
                            • Instruction ID: d6649872dfde7d5b47a7782432403a3d735f9f58d075b8d3693edd0c8a5402f2
                            • Opcode Fuzzy Hash: 4aaf7c6babc5062e33a1c95535404c288dce3796ce69711ea9f6f41b7d8a4d21
                            • Instruction Fuzzy Hash: 745185B0900349CFDB48CFAAE948BDEBBF0FF88314F208459E519A7250DB746944CB25

                            Control-flow Graph

                            APIs
                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071EED4E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0
                            • Opcode ID: bbd6b6b831cad28d08c3cc8fcd6d90c8a3768122735aeae7bb442c33c85ad111
                            • Instruction ID: 6ba5834f6f72b893dea5f6582aa93299c8d7e04bf7cca9211b49cc94b841c2f8
                            • Opcode Fuzzy Hash: bbd6b6b831cad28d08c3cc8fcd6d90c8a3768122735aeae7bb442c33c85ad111
                            • Instruction Fuzzy Hash: 1A916EB1D0061ACFEF25DF68C8417EDBBB6BF48314F1485A9E809A7280DB749985CF91

                            Control-flow Graph

                            APIs
                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0115B4FE
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159285716.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1150000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: HandleModule
                            • String ID:
                            • API String ID: 4139908857-0
                            • Opcode ID: e8676f7e93656f18548c52187b492b68d8eeb7bbef01d7d851b33decf837a96d
                            • Instruction ID: 9553291e9bd9b43012f5212c2f72602c651650cbaa60a7ee78850d88b6520708
                            • Opcode Fuzzy Hash: e8676f7e93656f18548c52187b492b68d8eeb7bbef01d7d851b33decf837a96d
                            • Instruction Fuzzy Hash: E2815670A04B05CFD7A9DF29D04179ABBF2FF88204F008A2ED996DBA41D774E845CB95

                            Control-flow Graph

                            APIs
                            • CreateActCtxA.KERNEL32(?), ref: 011559E9
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159285716.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1150000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: Create
                            • String ID:
                            • API String ID: 2289755597-0
                            • Opcode ID: 20da3b02cfc42d75ea95765a907db76ee5c45fe467082a16e04c643b60558a78
                            • Instruction ID: e8738c453a9b03242b905d0aa5609af19bf68de0e6c86aa6697af3a4afb9208f
                            • Opcode Fuzzy Hash: 20da3b02cfc42d75ea95765a907db76ee5c45fe467082a16e04c643b60558a78
                            • Instruction Fuzzy Hash: 5C41E3B0C0071DCFEB68CFA9C944B9EBBB6BF48704F20815AD918AB251DB756945CF90

                            Control-flow Graph

                            APIs
                            • CreateActCtxA.KERNEL32(?), ref: 011559E9
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159285716.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1150000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: Create
                            • String ID:
                            • API String ID: 2289755597-0
                            • Opcode ID: bfb555c0227a362361c98cebb6a3edf45a10ec18debca2223528343d8aceea06
                            • Instruction ID: 4d51929bc8b19ec5af193959eae1e0d1121d09ab43d3822247006bb7cbebff9e
                            • Opcode Fuzzy Hash: bfb555c0227a362361c98cebb6a3edf45a10ec18debca2223528343d8aceea06
                            • Instruction Fuzzy Hash: 5D41E1B0C00719CFEB64CFA9C984B9EBBB2BF49304F24815AD418AB251DB75694ACF50

                            Control-flow Graph

                            Memory Dump Source
                            • Source File: 00000000.00000002.2161733155.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71c0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: CreateFromIconResource
                            • String ID:
                            • API String ID: 3668623891-0
                            • Opcode ID: a69287abac7d3bf0b568494576d1523ba2c2ea06a7ca5a6e74e943bf1df21969
                            • Instruction ID: f3ade473c202096cfba40e77d6003f40bfd66497c699fd10380153754910e811
                            • Opcode Fuzzy Hash: a69287abac7d3bf0b568494576d1523ba2c2ea06a7ca5a6e74e943bf1df21969
                            • Instruction Fuzzy Hash: 0131AD729043899FDB12CFA9D804ADEBFF8EF09310F14805AF954AB261C3359854CFA1

                            Control-flow Graph

                            APIs
                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071EE920
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            • Opcode ID: 079c5d48f5b50a749081296e3d6ab6694dd8301ba8d74321049bee39abf9796a
                            • Instruction ID: 75f2ac3ed45f5d5bf68d16ae824146acdfcc8e787974431fddb145c08eb5d2f8
                            • Opcode Fuzzy Hash: 079c5d48f5b50a749081296e3d6ab6694dd8301ba8d74321049bee39abf9796a
                            • Instruction Fuzzy Hash: C0215AB59003499FDF10CFA9D885BDEBBF4FF48320F10842AE918A7241C7789954CBA4

                            Control-flow Graph

                            APIs
                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 071CA357
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161733155.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71c0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: DrawText
                            • String ID:
                            • API String ID: 2175133113-0
                            • Opcode ID: 3a5e879585c9ff1c8186a55cc253f3f2fc6fe7f152becc2bf9eb1be4e6c7b562
                            • Instruction ID: 426eb5e93a048b6b8f39a1abe5019d1a0795aa3bac654929ebf6b66a07f91aa8
                            • Opcode Fuzzy Hash: 3a5e879585c9ff1c8186a55cc253f3f2fc6fe7f152becc2bf9eb1be4e6c7b562
                            • Instruction Fuzzy Hash: FC31C2B590024A9FDB11CF9AD884ADEFBF4BF58320F14842EE919A7250D774A944CFA0

                            Control-flow Graph

                            APIs
                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071EE920
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            • Opcode ID: 0f3832e6834b2c6364a01a01319df54a59fba854ca6543d1f09a1454dd9e33b3
                            • Instruction ID: d0a0c6ec07b899e4a6d299351a9cbea7973c7c9ee953e95de642fa05675415c8
                            • Opcode Fuzzy Hash: 0f3832e6834b2c6364a01a01319df54a59fba854ca6543d1f09a1454dd9e33b3
                            • Instruction Fuzzy Hash: A02127B19003499FDF10CFA9C885BDEBBF5FF48310F108429E918A7240C778A954CBA4

                            Control-flow Graph

                            APIs
                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 071CA357
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161733155.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71c0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: DrawText
                            • String ID:
                            • API String ID: 2175133113-0
                            • Opcode ID: ee1f659efef08d89afcd30880f60e5e22957ddccfc4e9b74446b840f61cafa08
                            • Instruction ID: c432e62ba1c55d4d1d70cf796ece32095235cdb97701ae4acde10043237f8957
                            • Opcode Fuzzy Hash: ee1f659efef08d89afcd30880f60e5e22957ddccfc4e9b74446b840f61cafa08
                            • Instruction Fuzzy Hash: A621C0B5D0024A9FDB11CF9AD884A9EFBF4BF58320F14842EE919A7250D774A944CFA0

                            Control-flow Graph

                            APIs
                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071EE776
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            • Opcode ID: 79cbe4ee4a94fddd317d8697f5ee583362d3ddfcd6dd36cab02f13fd5c8f3a0c
                            • Instruction ID: 9a9165607e48481b10b9b5b1ad9b2779ff92a90d31800f4371fc6cf44dc5c745
                            • Opcode Fuzzy Hash: 79cbe4ee4a94fddd317d8697f5ee583362d3ddfcd6dd36cab02f13fd5c8f3a0c
                            • Instruction Fuzzy Hash: 4C2128B1D003099FEB10DFAAC8857EEFBF4AF88320F148429D519A7241CB78A544CFA5
                            APIs
                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071EEA00
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161791893.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71e0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID: MemoryProcessRead
                            • String ID:
                            • API String ID: 1726664587-0
                            • Opcode ID: 031fb25c5b9a9d11e711a790197a02495d6a11c3a8368c6eb92f57a08995b3e3
                            • Instruction ID: bb1aea24189a4c9f9175016ce4e68be7c83d12c564c74a0f52b22fad6ca124ee
                            • Opcode Fuzzy Hash: 031fb25c5b9a9d11e711a790197a02495d6a11c3a8368c6eb92f57a08995b3e3
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d6ff5f6c289ae140f214091e3795b615fd42d1cead2e661d731cef265c088b58
                            • Instruction ID: 965097c808893d8cede8a33f3c7be69fde20dc530a01e1716d2d7712896961cf
                            • Opcode Fuzzy Hash: d6ff5f6c289ae140f214091e3795b615fd42d1cead2e661d731cef265c088b58
                            • Instruction Fuzzy Hash: C4316070200601CFD769DF28C849B567BA5FF80724F11C669E65A8B2F1DF74E88ACB40
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8743c5cf548578439091bf90cfa61982c773553dc4beb5898a55038fc33f33aa
                            • Instruction ID: 95e7784ef8c372b93dd5d1cf879b99b2c05797629b690582e09e1b61717ab93e
                            • Opcode Fuzzy Hash: 8743c5cf548578439091bf90cfa61982c773553dc4beb5898a55038fc33f33aa
                            • Instruction Fuzzy Hash: FB21D4B07201198B5B1A6B78A43423F3A979FC5640709002ED707CB3C4DFB5CC0287E2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2b0eeb90864b69745b7c1f9bc4594658d406254ee1be4737a374871202f66377
                            • Instruction ID: 4d88bfa1e75d4e265f77134a25dc083b4036e4e6f37ce238a0dcf84b08a7a217
                            • Opcode Fuzzy Hash: 2b0eeb90864b69745b7c1f9bc4594658d406254ee1be4737a374871202f66377
                            • Instruction Fuzzy Hash: C03148B0B00209CFCB19DF64D564AAD7BF2BF88310F159069D645AB290DB35EC45CB61
                            Memory Dump Source
                            • Source File: 00000000.00000002.2158993662.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_10fd000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 56e639bab81c2304ccd9d19d7e86e0fd0e17d7fda6591e169e47be9ce8eb210a
                            • Instruction ID: 56ed985e337d8dc87f4272a15cef8a8d01e979518cea45a384ede40502989570
                            • Opcode Fuzzy Hash: 56e639bab81c2304ccd9d19d7e86e0fd0e17d7fda6591e169e47be9ce8eb210a
                            • Instruction Fuzzy Hash: 8321367A504200DFDB85DF84D9C0B2ABFA1FB98320F20C1ADEE490B656C336D416CBA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2158993662.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_10fd000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8db66d02e5a469cdc8d52c5ddc71ca002ce357a887feb1f473cd923c2d4048ed
                            • Instruction ID: 75783d6d99ce24f9969a0f48d09d5d32405565c030116a753220358d32484d06
                            • Opcode Fuzzy Hash: 8db66d02e5a469cdc8d52c5ddc71ca002ce357a887feb1f473cd923c2d4048ed
                            • Instruction Fuzzy Hash: 7E2145B2500240EFDB05DF54D9C5B2ABFA1FB88718F20C1ADEA490B656C336D456CBA2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eaa784b3a48f003f771d3270002d5d8d86d743c12cddc8e600a9786645afa819
                            • Instruction ID: b761cefbc50f0eaf204ede8d824967fa0412682042ddfe3cd4af723a0108f4ef
                            • Opcode Fuzzy Hash: eaa784b3a48f003f771d3270002d5d8d86d743c12cddc8e600a9786645afa819
                            • Instruction Fuzzy Hash: DE314D702006018FC765DB38D858BA57BF2FF85315F1584ADE19ECB2A1DF75A88ACB40
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a22bd2a503cb7f1feb4efb49c9df5ef2789489cc9e42d0692ce29a99a78daab
                            • Instruction ID: 18a2d4e5d2069a776a93c868aea46f29978059783193ca166bb7c07d0a8c7e98
                            • Opcode Fuzzy Hash: 0a22bd2a503cb7f1feb4efb49c9df5ef2789489cc9e42d0692ce29a99a78daab
                            • Instruction Fuzzy Hash: A4312B70210601CFC7559B28D858BA677B2FF85315F1585A9E19ECB2A1CF74A88ACB40
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1b650dafaccd4c1241d56f5fa4029aafe3bcb1492e98977264af2ec3922330b9
                            • Instruction ID: 446d405158a70faf65292e281157f5ccfaa3bd7a46aed04d086e505af0b4a150
                            • Opcode Fuzzy Hash: 1b650dafaccd4c1241d56f5fa4029aafe3bcb1492e98977264af2ec3922330b9
                            • Instruction Fuzzy Hash: E511B1B47245118B8B0A6B38A17527E3FA79FC564170A016FD746CB3D1EFA5CC0287D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159066004.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_110d000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1af020d1df469ea444bf7665c661f5ce4801c583b76d89a88fa9d51ec4065e52
                            • Instruction ID: 66af42cc0bb58206caae7c259cd74410c4f0cfb1b8e95ffba7f8906d44903689
                            • Opcode Fuzzy Hash: 1af020d1df469ea444bf7665c661f5ce4801c583b76d89a88fa9d51ec4065e52
                            • Instruction Fuzzy Hash: 29212975904304EFDF0ADFD4E5C0B25BB65FB84324F20C56DE9094B292C7B6D456CA62
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159066004.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_110d000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 77483c990239bb5f335cb54955c65a010554cc3cb9399af7d9f934e68034e273
                            • Instruction ID: 2e574115179b01567e0c788dd9fc104b6b7224f32392baa1857d034db1999c1a
                            • Opcode Fuzzy Hash: 77483c990239bb5f335cb54955c65a010554cc3cb9399af7d9f934e68034e273
                            • Instruction Fuzzy Hash: 69210375A04204EFDF1ADF94E980B26BB65EB84314F20C56DD90E4B29AC7B6D406CA62
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 58cce8b119681fb1af6cfda4f45ec8017c67921115d42353e2515788acdc04eb
                            • Instruction ID: f284ba0ff741f59c64d86f6d117d5f96b8bfc3b4d497218553f7711ffd56b610
                            • Opcode Fuzzy Hash: 58cce8b119681fb1af6cfda4f45ec8017c67921115d42353e2515788acdc04eb
                            • Instruction Fuzzy Hash: 3D21AE316082848FCB0BCB38D4909A9BFB1EF8620579A44EBD6859F6A3C735DC05CB51
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 945a7e9ab96a36c46da4ee0a18bbc78eabcfa9f0c906dae0c82ea459ea5de048
                            • Instruction ID: 0ba8a50452ce1bbb9a266b5be5dea757fd19d018f7d4e6871a2ff42954cf269d
                            • Opcode Fuzzy Hash: 945a7e9ab96a36c46da4ee0a18bbc78eabcfa9f0c906dae0c82ea459ea5de048
                            • Instruction Fuzzy Hash: F31196713092C19FC7179B38E8606A97FB2EFC3550B1944EAC2C5CB2A2DFA59D0AC751
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aa576c5c7a772ab708088cc413737ea4f5b897cc178d22d3c04f6a0eb0fa484b
                            • Instruction ID: 079b9776531b01fd05c55a279d8b258e40c7978814d4946479f0a2313254b16a
                            • Opcode Fuzzy Hash: aa576c5c7a772ab708088cc413737ea4f5b897cc178d22d3c04f6a0eb0fa484b
                            • Instruction Fuzzy Hash: 6A1180B17092C19FC7138B38A8706B97FB59F93620B1904DBC2C1CB292DBA59D56C762
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2d2b94251395e6906f17bc2d721605e34dadccb3ec40ae1028f363bed4546e1
                            • Instruction ID: 99b697b43f0e19ba48a1d102897f0ba027e7da31de45e2b100a588e061b82588
                            • Opcode Fuzzy Hash: d2d2b94251395e6906f17bc2d721605e34dadccb3ec40ae1028f363bed4546e1
                            • Instruction Fuzzy Hash: C3114C74B006418FC715DF39C8A096AF7F2BF89614B24866DD1258B7A1CB71ED06CB52
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: decab9d8f073b4e09b74841df5f82ba943d20059ba9e90e4a7c9afea0781a1fa
                            • Instruction ID: e1eb0cea71e3a097cb685e11e569f3e33211fcaed61554c4de9424b494540047
                            • Opcode Fuzzy Hash: decab9d8f073b4e09b74841df5f82ba943d20059ba9e90e4a7c9afea0781a1fa
                            • Instruction Fuzzy Hash: 4F11BF71710605CFC724AF78D8A0869B7B6FF8621171105ADE24ACB3B1DB31E885CBA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dee129eedcec5d02196ce582c088352e228da152cfcdf5dfa7c66cc2ea00aa55
                            • Instruction ID: 14bea17edd11bfe3822617f5604617ff8bbc258ceb83a359cb2ea3c266768444
                            • Opcode Fuzzy Hash: dee129eedcec5d02196ce582c088352e228da152cfcdf5dfa7c66cc2ea00aa55
                            • Instruction Fuzzy Hash: BE11E2313097828FC7266778942426D7FA2EF86220F144A5EC2D68B6D2DF645806CB96
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ceaa953c353ce2d26b39c030b33794082133b7d74efc2674a85b68facfc81bd9
                            • Instruction ID: 7718fcb75b21d26716793d8e3aaf2b42ef25dc81c7eee1b745bf2ec2844babd6
                            • Opcode Fuzzy Hash: ceaa953c353ce2d26b39c030b33794082133b7d74efc2674a85b68facfc81bd9
                            • Instruction Fuzzy Hash: CA11E3B1A002969FCB12CF3DC880AAE7BF5FF48610F044469EE54D72A2D738C911CB61
                            Memory Dump Source
                            • Source File: 00000000.00000002.2158993662.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_10fd000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                            • Instruction ID: fb0718bce33f339ab452112ea331135c8d54312d39388edc4b39e758c5b764a6
                            • Opcode Fuzzy Hash: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                            • Instruction Fuzzy Hash: 3721DF7A404280CFCB46CF44D9C4B16BFB2FB84324F24C1AADD480B656C33AD426CBA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2158993662.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_10fd000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                            • Instruction ID: 344c65a58833bea22d502aca041045a5640d72ff2830c322c3e30821d1a22c2c
                            • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                            • Instruction Fuzzy Hash: C711DF76404280CFCB02CF54D5C4B16BFB1FB84718F24C6ADD9490B656C33AD45ACBA2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159066004.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_110d000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                            • Instruction ID: 5afe8b22e35f4b6217726322ffbc8e61adee7ff8d2fb1bae20942ad95fba39e4
                            • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                            • Instruction Fuzzy Hash: FE11BE75904284CFCB16CF54E5C4B15BB61FB44314F24C6A9D8094B69AC37AD40ACB62
                            Memory Dump Source
                            • Source File: 00000000.00000002.2159066004.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_110d000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                            • Instruction ID: af09be11615f9c909b4221b3ebdb6c41be293e49899902612a96d7bb6d20d7a4
                            • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                            • Instruction Fuzzy Hash: 6A11BB75904280DFCB06CF98D5C0B15BBA1FB84224F24C6A9D8494B6A6C37AD40ACB62
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 49911f1219c0b38e9bc8158e2fe56b6c0dedbe66ed769fb1f25aecf79f87e270
                            • Instruction ID: 99fc2a0597e2cba5c9b91a75fe3738503d03f2304ee047e42a81d11fba0809d0
                            • Opcode Fuzzy Hash: 49911f1219c0b38e9bc8158e2fe56b6c0dedbe66ed769fb1f25aecf79f87e270
                            • Instruction Fuzzy Hash: E2119E3151A2868FCB079B74E92658D7F71AF4322071902CBD4819F2A3DE395A49D792
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c33cb6d68d7d8796072391b90ad6299aac549a78fbd98474bfb481a95fc5f673
                            • Instruction ID: d57787b6051fb452f9b3c8a8dd92b06536ec8555ce6fd59d9dee1b4afe7ee483
                            • Opcode Fuzzy Hash: c33cb6d68d7d8796072391b90ad6299aac549a78fbd98474bfb481a95fc5f673
                            • Instruction Fuzzy Hash: E001F5B6304351CFC7169F78D950865BBB5BF8B21130A05AAE285CB3B2D731C944C7A1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f9ffca8d7440eba59f0050f80a389db0d2574a600ca322a119aa3c895401b19b
                            • Instruction ID: 829753224b13b31bee6fa472d43d24f61563250d2d409e430e9ec022dcc84e26
                            • Opcode Fuzzy Hash: f9ffca8d7440eba59f0050f80a389db0d2574a600ca322a119aa3c895401b19b
                            • Instruction Fuzzy Hash: F0115EB5A1065A9FCB11DF6DC884AAF7BE9FF48610F004429EE14D7261DB34D9108B61
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e76db52f7d099e4da7f6f243b226af816abf10ae2f3f6b4275811a13996df8c7
                            • Instruction ID: 4a5ea0cd7fa4f28e0693da6fb0579c14402e91ced2dab207c3cb3b06d7f0bd7a
                            • Opcode Fuzzy Hash: e76db52f7d099e4da7f6f243b226af816abf10ae2f3f6b4275811a13996df8c7
                            • Instruction Fuzzy Hash: F001D8703087818FC71ACB68E450966BBB6EFC2224B65C1AED9498B2A1DB70EC07C750
                            Memory Dump Source
                            • Source File: 00000000.00000002.2158993662.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_10fd000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 74e20835aec988c1c57e481ac0e6506262c0fe0dc54ad04503a74f3f32516f9f
                            • Instruction ID: 507db09bfb73f1a1fe3c01ae06f2919675e8ccb24e78bbac0949e97efdc29cff
                            • Opcode Fuzzy Hash: 74e20835aec988c1c57e481ac0e6506262c0fe0dc54ad04503a74f3f32516f9f
                            • Instruction Fuzzy Hash: C801F2710043809AF7115EA9CD84B2ABFD8EF81224F18C55EEF480E696E6B99840CBB1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b2189e433e6d9c79ba03fd46d3449bfda950ae2d5a422991441b162888a14337
                            • Instruction ID: f89ebb8db628749bb7e4d19525c9b305bdf0ecc9a9fe89104d26a98daccf9dac
                            • Opcode Fuzzy Hash: b2189e433e6d9c79ba03fd46d3449bfda950ae2d5a422991441b162888a14337
                            • Instruction Fuzzy Hash: 5B019E726091938FC3264B3854545FAFFE1EF46610F0905BBD1CCD7153CB158826C7A1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b5df3fbe24d05693a5afa0d3f50b58c6c4d6bab9ba76f7806d624e4017035e36
                            • Instruction ID: d2afcfc7dcee5c5322d736a1fb5e47144357a878bfc04eba528f00eed03d7df4
                            • Opcode Fuzzy Hash: b5df3fbe24d05693a5afa0d3f50b58c6c4d6bab9ba76f7806d624e4017035e36
                            • Instruction Fuzzy Hash: 95016D743047458FC719DA69D450D27B7AAEFC6220B61C56EDA098B2A0DBB1EC02CB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.2161823079.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_71f0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4151c4027575de6d8e30e37d6d745bde111ba9077ce5dbb1d58b32513d46f341
                            • Opcode Fuzzy Hash: c74aea9191d9682434d78f4186d8e37b8e41156092a0fc6d250321a85938dc0f
                            • Instruction Fuzzy Hash: 90728570A00609DFCB19CF68C984AAEBBF6FF88354F158555E906EB3A1D731EA41CB50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e235905533bbd2e9aca541fb24816be7c4945e5d4b138818e9a62010f6f004cc
                            • Instruction ID: 27610bda460995b7f4b36bf9bb7cb26cb663d97028a79ec6f8910983f741c432
                            • Opcode Fuzzy Hash: e235905533bbd2e9aca541fb24816be7c4945e5d4b138818e9a62010f6f004cc
                            • Instruction Fuzzy Hash: DA826F74E01228DFDB64DF69D894BDDBBB2BB89300F1091EA980DA7261DB745E81CF41
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 530a85c032bade4b39f2e0a1b51ef0c5f514c76d58d9736c737388139132e7c8
                            • Instruction ID: 9cb4cc271a5d36130385ebfe199b44f8a398b35dbbdc273b47fa2653847f6c7c
                            • Opcode Fuzzy Hash: 530a85c032bade4b39f2e0a1b51ef0c5f514c76d58d9736c737388139132e7c8
                            • Instruction Fuzzy Hash: A072BE78E01229CFDB65DF69C884BEDBBB6BB49300F1491E9D409A7251EB349E81CF50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5e3113e7a94d76e6c4dfe99c8f57682eda44660b3c75843fbb67a32994513c64
                            • Instruction ID: 126d6153bce73b9ff999e4fa9eb24e4abb508f6976ceb4cdb01d4925d028eca3
                            • Opcode Fuzzy Hash: 5e3113e7a94d76e6c4dfe99c8f57682eda44660b3c75843fbb67a32994513c64
                            • Instruction Fuzzy Hash: BE128F70A002599FDB15DFA9C894BAEBBF6BF88304F248529E509DB391EF349D41CB50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5c4e4f22cc9c794f79ed6c45b682a58424c8e77b63578d21a963e83c8a0b5a5b
                            • Instruction ID: e0ba32d19a9e2027b917ccd3aaa198cde5c4989f4071e2c233bcfaad9d67082e
                            • Opcode Fuzzy Hash: 5c4e4f22cc9c794f79ed6c45b682a58424c8e77b63578d21a963e83c8a0b5a5b
                            • Instruction Fuzzy Hash: F6026170A00249DFDB15CF69C984AADBFBAFF88314F258069E905EB265E731DE41CB50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 23aee5f16b14e07e9d2ed2c4b4daed943728d9fb85fe30321f77fbd60e1ad138
                            • Instruction ID: bea9261ef4da4b4e293aa92d2dc09384cd17fc6595259638e5fc19bbe902e916
                            • Opcode Fuzzy Hash: 23aee5f16b14e07e9d2ed2c4b4daed943728d9fb85fe30321f77fbd60e1ad138
                            • Instruction Fuzzy Hash: F4E1D074E01218CFEB64DFA5C844B9DBBB2BF89304F2091AAD808A7391DB755E85CF10
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e8371a5d6ec4a3ef0a62e68ba152f24bf42cd444f48611f056adc8701f24a484
                            • Instruction ID: 8cc725e4c33e43e336a47ce33bce0143afec8d2f75f25a2a73f850f991dbec95
                            • Opcode Fuzzy Hash: e8371a5d6ec4a3ef0a62e68ba152f24bf42cd444f48611f056adc8701f24a484
                            • Instruction Fuzzy Hash: B5D1F174E00218CFDB14DFA9D954BADBBB6BF89300F2090A9D909AB355DB359E81CF40
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 967638d0ae31331cdb7874f9b51b9d3f0abc5e31332afcd5f78da04154bb5781
                            • Instruction ID: f54ce7d8a94799c5d4ea62c9f578b68802e4890baa7a2ea68dcadbc8dabf90f1
                            • Opcode Fuzzy Hash: 967638d0ae31331cdb7874f9b51b9d3f0abc5e31332afcd5f78da04154bb5781
                            • Instruction Fuzzy Hash: 86B1E474E00218CFDB15DFA9D984AADBBF6FF89300F109169E859EB255DB309A41CF50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f99e890445eb80e7a6b12d4dc26d0f1715da6cfac8430f3c5cca9dc37d3e9cd
                            • Instruction ID: 00a80e7af9ec617bd93f0455afdeaf523899d2db1c3a6672a25ca3b38a7cfb2d
                            • Opcode Fuzzy Hash: 1f99e890445eb80e7a6b12d4dc26d0f1715da6cfac8430f3c5cca9dc37d3e9cd
                            • Instruction Fuzzy Hash: 98A1D574E00218CFDB14DFA9D984A9DBBB6FF88314F14806AE409EB361DB349941CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 225fbeda94d6d23bd3ce79937d0b22ac9f0da805e7577884869cf8169ada4c3b
                            • Instruction ID: 35d3a6f2753fc3fcc76246faccdb28750d6c9bca643874a00364b0b0affdaf00
                            • Opcode Fuzzy Hash: 225fbeda94d6d23bd3ce79937d0b22ac9f0da805e7577884869cf8169ada4c3b
                            • Instruction Fuzzy Hash: 9FA1A3B4E01218CFEB68CF6AC844B9DBBF2AF89300F14D1AAD40DA7255DB345A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f51d5ca7aa03bd71794bec3ed5b040bd2b58bafd3683908957c270025ced0cf0
                            • Instruction ID: 5952ceb1a40ab634fbd4901f1bc8d015768560abe021b462f126ddd901780cca
                            • Opcode Fuzzy Hash: f51d5ca7aa03bd71794bec3ed5b040bd2b58bafd3683908957c270025ced0cf0
                            • Instruction Fuzzy Hash: 16A1A174E01228CFEB68CF6AD944B9DBBF2AF89300F14D1AAD40DA7250DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5368c23fc53862486a6fab45ac2ce61c80bc36c9fd071dadbc7e4cb971ddcd03
                            • Instruction ID: 030e83cdb18d67f1f9789feb2bc2e703945925c553a1c4419a1bf09539b6a626
                            • Opcode Fuzzy Hash: 5368c23fc53862486a6fab45ac2ce61c80bc36c9fd071dadbc7e4cb971ddcd03
                            • Instruction Fuzzy Hash: 35A1B175E01228CFEB68CF6AC944B9DBBF2AF89300F14D1AAD40CA7254DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a1c45b7ac839292a0764e5c4c6bac4ac11e5d95c8972ba3df464fc7762f782d0
                            • Instruction ID: 7e382b83878ccb2fafdc5cd2a25baf98ca47435f7c7a316d2e62bf337954f261
                            • Opcode Fuzzy Hash: a1c45b7ac839292a0764e5c4c6bac4ac11e5d95c8972ba3df464fc7762f782d0
                            • Instruction Fuzzy Hash: 1FA1B574E01228CFEB68CF6AC944B9DBBF2AF89300F14D1AAD40DA7251DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ddd881587aa7843bd8ca660432163270c2a07a2c08cb1f4972f9ea70a1d5a24
                            • Instruction ID: 8ba0b9f0984db4d36fdab6dab3964dbf70a24e7087ad140ef38542311850ac34
                            • Opcode Fuzzy Hash: 6ddd881587aa7843bd8ca660432163270c2a07a2c08cb1f4972f9ea70a1d5a24
                            • Instruction Fuzzy Hash: AAA1A170E01228CFEB68CF6AC944B9DBBF2BF89300F14D1AAD409A7254DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1060d7bb954f58d8399b32c6772b2cdf58e097434081fb82dc404b4626797ff2
                            • Instruction ID: 1c305f15041c0b6818979fb24d98c086e29e5ef2edc59eb3f3c21e9246ca63f8
                            • Opcode Fuzzy Hash: 1060d7bb954f58d8399b32c6772b2cdf58e097434081fb82dc404b4626797ff2
                            • Instruction Fuzzy Hash: 10A1AF74E01228CFEB68CF6AD944B9DBBF2AF89300F14D1AAD40CA7254DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 45c3d05ca3d25c821c5bc19f9e56b82723380374f9dcabdf0930549a4b68ef9d
                            • Instruction ID: 7a4b54fd7d13740a046d842ddf1977c61428f2a638e023b8ff8d2667dc6e67a7
                            • Opcode Fuzzy Hash: 45c3d05ca3d25c821c5bc19f9e56b82723380374f9dcabdf0930549a4b68ef9d
                            • Instruction Fuzzy Hash: 33A1A074E01228CFEB68CF6AC944B9DBBF2AF89300F14D1AAD40DA7254DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5644c02e0a117537f7ce252b4ec2ba93ad924cc6246e63149f897dac305aeeb9
                            • Instruction ID: 513cef8356eb2ee11639ee153c3c9f242cf1dfeece0d588f69975fced3bf8f9c
                            • Opcode Fuzzy Hash: 5644c02e0a117537f7ce252b4ec2ba93ad924cc6246e63149f897dac305aeeb9
                            • Instruction Fuzzy Hash: F1A1B274E01228CFEB68CF6AC944B9DBBF2AF89300F14D1AAD408A7250DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bc11da70a904d0e742ee1b63970cbf45225af24336a58935f56f48c726b25a4d
                            • Instruction ID: 9ba01cc0243fba80e11e3751479fc6e4e60506bcc1fb0df914dc40934e1d314a
                            • Opcode Fuzzy Hash: bc11da70a904d0e742ee1b63970cbf45225af24336a58935f56f48c726b25a4d
                            • Instruction Fuzzy Hash: D6A1A074E01228CFEB68CF6AC944B9DBBF2AF89300F14D1AAD40DA7254DB745A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 39e1f4a7754b996a5c3b186c7aea9ccebc8be57c131c410192d5b14863ac78ff
                            • Instruction ID: f2c3b04c486d313c53b8578ee9459eecfcfa56a526a0f60023064391038ce6ce
                            • Opcode Fuzzy Hash: 39e1f4a7754b996a5c3b186c7aea9ccebc8be57c131c410192d5b14863ac78ff
                            • Instruction Fuzzy Hash: 3291E374E00258CFDB14DFA9D884A9DBBF6BF89304F1480AAD908EB365DB709A45CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0c58b5eb92f5eed78ec3cb4b83a4c5e9919392ee643178cf37fe0c6547d670f6
                            • Instruction ID: 11e1839fca0d18f25534c23d7481353e6be890ba2e5baa4d017e60879951905b
                            • Opcode Fuzzy Hash: 0c58b5eb92f5eed78ec3cb4b83a4c5e9919392ee643178cf37fe0c6547d670f6
                            • Instruction Fuzzy Hash: CB91D274E00218CFDB14DFA9D884A9DBBF6BF89304F148069E809EB365DB319A81CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd79f098e4f5e4e3ac45bcdbf2beeac525b35a47d0a6321ab69821cbe4cfc86f
                            • Instruction ID: 8094adb6300d5ca041485d37b629f46439e5683115a4031425e9a22de2ba9c8e
                            • Opcode Fuzzy Hash: bd79f098e4f5e4e3ac45bcdbf2beeac525b35a47d0a6321ab69821cbe4cfc86f
                            • Instruction Fuzzy Hash: 7691B474E00218CFDB14DFAAD984A9DBBB6FF88300F108169D859AB365DB709A46CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6b26bee23890c45a39b087395cef34e86fd533208f31089b41807e91f0961ab3
                            • Instruction ID: f874a1966c85e822b0ab7de37f95535ed9b3809600b869588c8b041b1489efc5
                            • Opcode Fuzzy Hash: 6b26bee23890c45a39b087395cef34e86fd533208f31089b41807e91f0961ab3
                            • Instruction Fuzzy Hash: 9F81B274E00218CFDB14DFAAD884A9DBBF6BF89310F14D069E849AB265DB349A41CF11
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aa45af4a3c0cf3f34b734238a86c6699282b99eac0234c65740b42eb3c893d6b
                            • Instruction ID: 2eef9cc81279a77645bdcfc6232eca6c940464e989369926a6b159258800c8b5
                            • Opcode Fuzzy Hash: aa45af4a3c0cf3f34b734238a86c6699282b99eac0234c65740b42eb3c893d6b
                            • Instruction Fuzzy Hash: 8781B274E00218DFDB18DFA9D984A9DBBF6BF88300F14D069E819AB365DB309941CF11
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0c323118d70044b9a647db0b5ec9219e4fcd564c34c8c58e1c78da448f0c2df8
                            • Instruction ID: e312c000071508fba03ed447d35e0c8d45c9a6b04c817200874e705d747f2317
                            • Opcode Fuzzy Hash: 0c323118d70044b9a647db0b5ec9219e4fcd564c34c8c58e1c78da448f0c2df8
                            • Instruction Fuzzy Hash: A681C074E00218CFDB58DFAAD9947EEBBF2BF89300F24916AD419AB294DB345945CF40
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e24414ed9c92bdc0ca98e094f85f861d970905093a9bcfde7219e0d7a0322115
                            • Instruction ID: 5321399fd7a891bd4d4ef6bc8dec7479a214d0a9034068a074a01c681faad4c8
                            • Opcode Fuzzy Hash: e24414ed9c92bdc0ca98e094f85f861d970905093a9bcfde7219e0d7a0322115
                            • Instruction Fuzzy Hash: 45819074E00218CFDB14DFAAD984A9DBBF6BF88300F14D069E859AB265DB349A41DF11
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 56f92016b5dddbc5990235865d98a0e0b504f67cbacc55d738785386cf062960
                            • Instruction ID: 20d1209c865b1218ccb0dcc6686158baa4151f03ee934038581ffb02095e8f8b
                            • Opcode Fuzzy Hash: 56f92016b5dddbc5990235865d98a0e0b504f67cbacc55d738785386cf062960
                            • Instruction Fuzzy Hash: 0E81A4B5E01618CFEB68CF6AC944B9DBBF2AF89300F14D1AAD40DA7254DB344A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 116aca081aeff48a84d88c62622f56ab1626d30fb3c8f148dbf3f1ae8a190c9e
                            • Instruction ID: 192f9ed11ab6036616c423f9baed2d2f98499cd21a49a7902811ac77c8f3f434
                            • Opcode Fuzzy Hash: 116aca081aeff48a84d88c62622f56ab1626d30fb3c8f148dbf3f1ae8a190c9e
                            • Instruction Fuzzy Hash: B3719671E01628CFEB68CF6AD944B9DBBF2AF89300F14D0AAD40DA7254DB344A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1596cbc9bdffa8e65114611692115538584511ba4b0354b4227c1c920949d626
                            • Instruction ID: 2365e4917496626b1661a6be252af1580ce962324f250019a494d89d121926ce
                            • Opcode Fuzzy Hash: 1596cbc9bdffa8e65114611692115538584511ba4b0354b4227c1c920949d626
                            • Instruction Fuzzy Hash: 43719574E01619CFEB68CF6AC944B9DBBF2AF89300F14C1AAD40DA7254DB354A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 00ec89029e6978a26c8a6ccc1fa64fc835bebe37564b957e04ea8832314b6207
                            • Instruction ID: 41500a5bc0089554e49d5e1d292f899b8e59a484668e94cad7178f6c6a5d4741
                            • Opcode Fuzzy Hash: 00ec89029e6978a26c8a6ccc1fa64fc835bebe37564b957e04ea8832314b6207
                            • Instruction Fuzzy Hash: 91619174E006089FDB18DFAAD984A9EBBB6BF88300F14C069E819EB365DB345941CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ebbbde2e1cd14a523d3f9550a68e8182ef26bc7667aefd1ef4faba5999b637c
                            • Instruction ID: 4cb706376909ec9d04ed106b3544f0ef04265886e2506c3016eb6287976656ad
                            • Opcode Fuzzy Hash: 4ebbbde2e1cd14a523d3f9550a68e8182ef26bc7667aefd1ef4faba5999b637c
                            • Instruction Fuzzy Hash: 884196B1E016188BEB58CF6BD94579AFAF3AFC9204F14C0AAC50CA6255DB740A868F50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 072d77ea12917e6b1445fe70cb7d33bdee32218e95beaf8eb56c010ba1af3004
                            • Instruction ID: 411a26de77adc509afea19c7c8bec17c8b2af17f3a02db4785e10c86fb23a20e
                            • Opcode Fuzzy Hash: 072d77ea12917e6b1445fe70cb7d33bdee32218e95beaf8eb56c010ba1af3004
                            • Instruction Fuzzy Hash: A34188B1E016188BEB58CF6BDD457DAFAF3AFC8310F14D1AAC50CA6264DB740A858F51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dcf3ce7db60ecdb58d52c216cf0d48c4497ecb6ad448be8cb263b2af9353232c
                            • Instruction ID: 047d90e8c380b32275eb30a44d118acbcb422ab059b852ba850217106eb6cec4
                            • Opcode Fuzzy Hash: dcf3ce7db60ecdb58d52c216cf0d48c4497ecb6ad448be8cb263b2af9353232c
                            • Instruction Fuzzy Hash: FD4168B1E016188BEB58CF6BD9457DAFAF3AFC8300F14C1AAC50CA6264DB740A85CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8ac6f2bd3cc5d3af22e35ff44534a042b7583e5a7638b040333a16c9369b4ab
                            • Instruction ID: cd53176f8f51e787adfe5662954246459e5f277381a5c964db243ee945bed5b8
                            • Opcode Fuzzy Hash: b8ac6f2bd3cc5d3af22e35ff44534a042b7583e5a7638b040333a16c9369b4ab
                            • Instruction Fuzzy Hash: 92416CB1E016188BEB58CF6BC9457DAFAF3AFC8310F14C1AAD50CA7255EB740A858F51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1600210bbe184c8d3a2ea320256333bd144ddaa6198e47c220ffa2ae402ad584
                            • Instruction ID: b071694dbaa5219b79986b431615cc3b609344bb6c99bdc4ebcb7a89a552c292
                            • Opcode Fuzzy Hash: 1600210bbe184c8d3a2ea320256333bd144ddaa6198e47c220ffa2ae402ad584
                            • Instruction Fuzzy Hash: DC41D4B5D00208CBEB58DFAAD9547DEBAF2BF88300F14D16AC418BB294DB754986CF54
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 25ed788d2a124e00dd5de131e2717cd1e3b3a6840fb3eb9d64f99bbc5429f0d2
                            • Instruction ID: 9964eca91fc1aca53f58a0979a8e0adc74b1ab82ca8abf924be2a94fa703d056
                            • Opcode Fuzzy Hash: 25ed788d2a124e00dd5de131e2717cd1e3b3a6840fb3eb9d64f99bbc5429f0d2
                            • Instruction Fuzzy Hash: 524179B1E016188BEB58CF6BDD457DAFAF3AFC8300F04C0AAD50CA6254DB740A858F51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8abe731302f2c4d6de48e6cb453dfad2ef379e5284afe3a9f6d1d782cda6c681
                            • Instruction ID: c0bf0fe74d7c9e01066399b7327b8a330fe36da0bf6c0d8269cf49af86178f6a
                            • Opcode Fuzzy Hash: 8abe731302f2c4d6de48e6cb453dfad2ef379e5284afe3a9f6d1d782cda6c681
                            • Instruction Fuzzy Hash: 1A4168B1E016188BEB58CF6BC9457DDFAF3AFC8314F14C1AAC50CA6254EB740A858F51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c01fd8294590237d3e11166ad83ecb93e2d880096fa6d36ad0572e5e9d8a3954
                            • Instruction ID: 5e14dd071e388cb2d8828cf77b8a31e6311616628cc0f50bb6d30c4a6aaae359
                            • Opcode Fuzzy Hash: c01fd8294590237d3e11166ad83ecb93e2d880096fa6d36ad0572e5e9d8a3954
                            • Instruction Fuzzy Hash: 55520F34A0021DCFEB559BE8C860B9E7B76EF84301F1080A9C60AA7396DF359E85DF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 787e3b128a37f5267422d659775b3e9502e2a2d402a3bb1ad32704ed446b4a12
                            • Instruction ID: 7f305212297a976a0130f304df89a671ce2f29a435f5d5231a87a5d492418052
                            • Opcode Fuzzy Hash: 787e3b128a37f5267422d659775b3e9502e2a2d402a3bb1ad32704ed446b4a12
                            • Instruction Fuzzy Hash: 73F1A4703143058FEB159A2DC958B3D3A9EEF97705F0844A6E60ACF3A2EE65CE41C752
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2eba89bcaf6252ec00496c9b0d3d40da53889bb24bccea442215bc7d6af05f0
                            • Instruction ID: 6bd9e3a9c78738da17ad2988b426e7949bfcae66a6dc5a42ea283678d12a2587
                            • Opcode Fuzzy Hash: d2eba89bcaf6252ec00496c9b0d3d40da53889bb24bccea442215bc7d6af05f0
                            • Instruction Fuzzy Hash: 52223830A00249CFDB15DF68D984A9EBBF6EF88318F558559E905DB361DB30EE41CB90
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 084b3f5f4b76741d39044ff87dfec1c5a8165c177cb287bd6064c93475a44b63
                            • Instruction ID: b5ee7ee8695de0003d19c537bf334cabb02f8201595a10d6db0cfa94826c39f3
                            • Opcode Fuzzy Hash: 084b3f5f4b76741d39044ff87dfec1c5a8165c177cb287bd6064c93475a44b63
                            • Instruction Fuzzy Hash: 21F12C75A00515CFCB19CFACC984AADBBFABF88310B1A8459E515EB362CB35ED41CB50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: deecfee420df668d7120eb361c2f8dcdd75797f72d36d5956b76033944c0ae54
                            • Instruction ID: f36efa73dcc9655826c79547217fcf56949bd08206aa3a97f4a4b1350c36e80b
                            • Opcode Fuzzy Hash: deecfee420df668d7120eb361c2f8dcdd75797f72d36d5956b76033944c0ae54
                            • Instruction Fuzzy Hash: D522EA74E0021ACFCB54DF68E885AADBBB6FF88301F1092A9E909A7354DB745E45CF41
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: de8a2d8171fc54bb6f459cd32be423542b8052488a8c03e3e4d01c0874a9fb40
                            • Instruction ID: 6b9c7106e352ef7aab49779247ef45beab8ef113495d5d8f9492ce14216bee38
                            • Opcode Fuzzy Hash: de8a2d8171fc54bb6f459cd32be423542b8052488a8c03e3e4d01c0874a9fb40
                            • Instruction Fuzzy Hash: 2022DA74E0021ACFCB54DF68E885A9DBBB6FF88301F1092A9E909A7354DB745E45CF41
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 39b4b92aa01803bc124b5806fdcf3e10e1523489539623c4bb16aec6551b6a83
                            • Instruction ID: 7fdc5da7ab37263933ac95e6295e86152acba3771cf23c37d6739d774ee79108
                            • Opcode Fuzzy Hash: 39b4b92aa01803bc124b5806fdcf3e10e1523489539623c4bb16aec6551b6a83
                            • Instruction Fuzzy Hash: C8B1BE307042198FDB169F78D894B2E7BAABF89394F148529E90ACB391DF74CE01C791
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd477fd227a87df92b4fab8c2c04f32998a981751b14c61232cf07e51dffa251
                            • Instruction ID: a61e8a546841407d8b01468e1d73a9bbfa5085f89d72db4bf4bf917aa87fa41a
                            • Opcode Fuzzy Hash: bd477fd227a87df92b4fab8c2c04f32998a981751b14c61232cf07e51dffa251
                            • Instruction Fuzzy Hash: 4081C534B002058FDB48DF78D858A6E77FAFF89600B118169D605DB3A1DB31DE05CB91
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 94e35ed0902b4c76a5f6a714b29ecfb887a5f9f59259aaeed668b7c97f9fc1fa
                            • Instruction ID: 4aef2c347602545ddf30c10a64a1972803ebefd7ec9bfae87c71ab8fd982129a
                            • Opcode Fuzzy Hash: 94e35ed0902b4c76a5f6a714b29ecfb887a5f9f59259aaeed668b7c97f9fc1fa
                            • Instruction Fuzzy Hash: 6381A434B00509CFDB14CFADC888A6ABBBAFF89394B148169D505DB3A5DB31DE42CB51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 842ecf5c802ae7929282dc8523809fc95d1ca3171eb05e781c77fee43ae32b5f
                            • Instruction ID: 0de433382516b231e3cd1c3cb948fc70e1c9f41b7653be9d45b43fcf24131f84
                            • Opcode Fuzzy Hash: 842ecf5c802ae7929282dc8523809fc95d1ca3171eb05e781c77fee43ae32b5f
                            • Instruction Fuzzy Hash: 0071F7347002458FDB15DF2CC898AA97BEAAF49718F1540A9E906CB3B1DB70DE41CBD1
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e514400ac72c5ffa90d09409f18c8f874c9d885afb992ff5b54020b8ecb93c6b
                            • Instruction ID: 9aa6f5539c39967adadf6fb2f01902657578c3ac4bd514f8beaa5b9103a770b0
                            • Opcode Fuzzy Hash: e514400ac72c5ffa90d09409f18c8f874c9d885afb992ff5b54020b8ecb93c6b
                            • Instruction Fuzzy Hash: 2B514D31F103198BDB59DBA9C8506AEBBF2AFC4700F54852AD406BB380DF749D45C795
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9103b6607c9ddf788f8d54d7dfdf5794ddddcae01d214a80f2aa63787bfe28c1
                            • Instruction ID: 150f802d11663e92108ac312e04a39093dbf77729828b637d15373d36d573d26
                            • Opcode Fuzzy Hash: 9103b6607c9ddf788f8d54d7dfdf5794ddddcae01d214a80f2aa63787bfe28c1
                            • Instruction Fuzzy Hash: 3851AE7283524A8FC3202B24E5AE12EBFB9FB4F3177057D44B60E85059CF7065899F61
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ff908b6018d8a776451be8814b86e0abda39b3b968fd975eff64a2fd9dc7e6a
                            • Instruction ID: 5d30822b9f833523b04c7951f01b1a0bd3b2f366135b7a345d9b31a3c03b6607
                            • Opcode Fuzzy Hash: 4ff908b6018d8a776451be8814b86e0abda39b3b968fd975eff64a2fd9dc7e6a
                            • Instruction Fuzzy Hash: 54819074E41229DFEB65DF29D894BEDBBB5BB89300F1090EAD809A7250DB715E81CF40
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 98a1aec864f4da9d053c168413034a5d8edfe27b438fbd50d27f5de6d830b9e1
                            • Instruction ID: fc12a0f27a2083ab0f25535ee2895b1ff3c41d90f82b223d081720671ef4b9b8
                            • Opcode Fuzzy Hash: 98a1aec864f4da9d053c168413034a5d8edfe27b438fbd50d27f5de6d830b9e1
                            • Instruction Fuzzy Hash: 34518C7283124B8F83242B24E1AE12EBFB9FB8F7277457D04B60E85059CF7065859F61
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cef9f6d0ff989b07e5ccfe9582a6d85a4878c595fda30495d92e3a8bf11e3b48
                            • Instruction ID: 8576ea9fef3ed1587c676004539b1f9dcd728aa21c42327791ebec2f58736442
                            • Opcode Fuzzy Hash: cef9f6d0ff989b07e5ccfe9582a6d85a4878c595fda30495d92e3a8bf11e3b48
                            • Instruction Fuzzy Hash: 9B613270E01219CFDB15DFE4D854AAEBBB2FF88300F209129E905AB395DB756A45CF40
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 70e13fb3625a054e6a9af4a8fb88f65f602592a862629c6fe7eeda7456c8fed1
                            • Instruction ID: f1901f1bce330ec52ad5fe6af2e0d2d059bf46f0ba2347085ee42edd1467a22c
                            • Opcode Fuzzy Hash: 70e13fb3625a054e6a9af4a8fb88f65f602592a862629c6fe7eeda7456c8fed1
                            • Instruction Fuzzy Hash: B4510774B04615CFD758DB28D898AAA73B5FF48355B216864E402DB365CB38EC81CBD0
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b123a9a2f36808b079c647322165fc66efdf569028c0a2dc4a13817f56ab0823
                            • Instruction ID: cb7ce591bc481aa741510b6d16d49dd58792c8ba8a231cb516434751c9017b34
                            • Opcode Fuzzy Hash: b123a9a2f36808b079c647322165fc66efdf569028c0a2dc4a13817f56ab0823
                            • Instruction Fuzzy Hash: 5A51C574E01209CFCB48DFA9D99489DBBB6FF89301F209469E805AB324DB35AD42CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1d062ad6891c5645f058fec3a32185606c4b6c4ee49f65f2efd454431d8c43a9
                            • Instruction ID: 164d8bf94a84794001fcf111916a0eda3746820fb2c9698afeb6274b58fb252e
                            • Opcode Fuzzy Hash: 1d062ad6891c5645f058fec3a32185606c4b6c4ee49f65f2efd454431d8c43a9
                            • Instruction Fuzzy Hash: 57519474E01208DFDB58DFAAD98499DBBF2FF89300F248169E819AB365DB319905CF50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 50ac304c84e19a92165f7f877a85da44715443ee5f8f1eccb73d82a1d2164135
                            • Instruction ID: 26cf3a594803eb752ccf111dd3f1b5d6c3d9ee1e281c1a8afaa48ad4491d2a22
                            • Opcode Fuzzy Hash: 50ac304c84e19a92165f7f877a85da44715443ee5f8f1eccb73d82a1d2164135
                            • Instruction Fuzzy Hash: 70412E3191131ACFE714AFB0E45C7FE7BBAEB8A316F106919D101A6294CBB80B44CF91
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ba2327ea9b2f525f99ade42e726d3abb5efed750276d82bfb962c8b27af10a4
                            • Instruction ID: f0e1de45e7f0698dc54d41232bf994fbe2b27b141b35a5ae6c3085ea987a3cd8
                            • Opcode Fuzzy Hash: 4ba2327ea9b2f525f99ade42e726d3abb5efed750276d82bfb962c8b27af10a4
                            • Instruction Fuzzy Hash: B3519374E01209CFCB48DFA9D59499DBBB6FF8D301B209469E805AB324DB35AD42CF51
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 45fee6521a6ff49f5dddfff0066ad3867fc93fb4179862da0f6d737d5e42766e
                            • Instruction ID: 9498bf4b3e6f81a88931c2bffa974f0628403539f01e3ca9ed054c6f86c41716
                            • Opcode Fuzzy Hash: 45fee6521a6ff49f5dddfff0066ad3867fc93fb4179862da0f6d737d5e42766e
                            • Instruction Fuzzy Hash: 125103B5D00219CFDB14DFA4E5847EDBBF1EF88310F10A02AD405A7255DB786A45CF50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0f9bb5c8c6fae5633b4564100b5b4ae9d8548f65c4877a5930d88c70662b51b5
                            • Instruction ID: 9c25f68abdf789ba9aef77366f7b5a250599164ad5d5f496eb1a33b19e313b19
                            • Opcode Fuzzy Hash: 0f9bb5c8c6fae5633b4564100b5b4ae9d8548f65c4877a5930d88c70662b51b5
                            • Instruction Fuzzy Hash: 2641E335B102089FCB19AB78D955AAE7FBABBCC311F148469E916E7391CE308D01DB91
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f224d80371e78dcba35347fca8fad12af2ab427bb62fab569344f8b6c6faefa8
                            • Instruction ID: a187e3890eb2b1ef2c59fd0c02b895e6d8fc4729d1122ef2f4d24427f9bb3851
                            • Opcode Fuzzy Hash: f224d80371e78dcba35347fca8fad12af2ab427bb62fab569344f8b6c6faefa8
                            • Instruction Fuzzy Hash: 2541A031E04249DFCF12CFA8C845A9DBFB6AF49318F048555E915DF2A5D731DA10CB50
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2e8b02976c6c792179e245c8ddf1ea5383fdc45788edf0f4d9009036de2091b5
                            • Instruction ID: 1d9450f7b16ed2ae11f50cfa4f228bac5921372faf9a73defacd6a77a29037e1
                            • Opcode Fuzzy Hash: 2e8b02976c6c792179e245c8ddf1ea5383fdc45788edf0f4d9009036de2091b5
                            • Instruction Fuzzy Hash: 76313731B043528FCB9D9B28D8909BE7BAAAF8225071555B6E805CF361DB30DCC1C791
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_6ee0000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 291058b9c54f72fd7f486020852c71657d56d1bd90df3571c8d26ead2e65a8d2
                            • Instruction ID: 0c6506dab19e716ca51de392da7294fa02b098b04d3ebfa729d66a7590dfd68d
                            • Opcode Fuzzy Hash: 291058b9c54f72fd7f486020852c71657d56d1bd90df3571c8d26ead2e65a8d2
                            • Instruction Fuzzy Hash: 89413031E1031A9BDB15DFA5C890ADEB7F5AF88710F25922AE415B7340EB70A945CBE0
                            Memory Dump Source
                            • Source File: 00000004.00000002.4591693179.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_4_2_1860000_z17Mz7zumpwTUMRxyS.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9b77b0c709b42ac269a3dd7225a47d0c9b3deefc9f7a98eb841872780bbf14d9
                            • Instruction ID: 771bae1ee96c9c42322c0e3b245b83b56dde9905e1a85d14272fb47555d7d9a1
                            • Opcode Fuzzy Hash: 9b77b0c709b42ac269a3dd7225a47d0c9b3deefc9f7a98eb841872780bbf14d9
                            • Instruction Fuzzy Hash: 9F31B235B003198BEB2E4AAD49D827EA99EBBD4310F144039ED0AC7381DFB4CE058761
                            Memory Dump Source
                            • Source File: 00000004.00000002.4594637715.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false